Posted: 2015-05-23 16:47:04 (ohai)
In this video we exploit client-side input validation to steal another user's cookie. This is a fairly standard and straightforward action. The first time I saw this in action was during a SANS course; I honestly forget which one. It doesn't really come up very often in online CTFs but might be handy to have in your back pocket.
nc -lnvp 80
Once we've got his cookies, we just edit our own, pasting in the victim's cookie info and bam, we went from being 'hacker10' to 'hacker20'.