XSS 10
This exercise is one of our challenges on Cross-Site Scripting.
This exercise is an extension of a previous lab where you learned about Cross-Site Scripting (XSS). This time, the goal is to retrieve the victim's cookies and send them to your server. You will use JavaScript to extract the cookies using document.cookie and dynamically create an image tag that sends this information to your server.
The process involves crafting a payload that, when executed in the victim's browser, writes an image tag to the document. This tag includes the extracted cookie data in its source URL. By ensuring proper URL encoding, particularly for characters like +, you can successfully transmit the cookie to your server. This exercise helps solidify your understanding of XSS attacks and their potential impact.
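The payload described above depends on two conditions: the cookie must be readable through document.cookie, and the browser must be allowed to load an image from an arbitrary host. The following check is an added example, not part of the original exercise; it audits a response's headers for both conditions, and its function names and header values are constructed for illustration.

```javascript
// Added example: header values are constructed sample data, function names are hypothetical.

// Names of cookies that page script can read via document.cookie (no HttpOnly attribute).
function scriptReadableCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !h.split(';').slice(1).some((a) => a.trim().toLowerCase() === 'httponly'))
    .map((h) => h.split('=')[0].trim());
}

// True if the Content-Security-Policy lets an <img> load from any external host.
function allowsArbitraryImageHosts(csp) {
  if (!csp) return true; // no policy: images load from anywhere
  const directives = new Map();
  for (const part of csp.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // CSP uses the first occurrence of a directive and ignores later duplicates.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  // img-src falls back to default-src when it is absent.
  const sources = directives.get('img-src') || directives.get('default-src');
  if (!sources) return true;
  return sources.some((s) => ['*', 'http:', 'https:'].includes(s.toLowerCase()));
}

// Combine both checks into one finding for a response.
function auditResponse(setCookieHeaders, csp) {
  return {
    readableCookies: scriptReadableCookies(setCookieHeaders),
    imageBeaconAllowed: allowsArbitraryImageHosts(csp),
  };
}

// Constructed sample response headers.
const sampleSetCookie = [
  'session=abc123; Path=/; Secure',
  'prefs=dark; Path=/',
  'csrf=xyz; Path=/; HttpOnly; Secure',
];
const sampleCsp = "default-src 'self'; img-src 'self' https:";

console.log(auditResponse(sampleSetCookie, sampleCsp));
```

A session cookie listed in readableCookies is exposed to any script that runs in the page, and imageBeaconAllowed being true means an image request to another host is not stopped by the policy.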