XSS 10

This exercise is one of our challenges on Cross-Site Scripting.



This exercise is an extension of a previous lab where you learned about Cross-Site Scripting (XSS). This time, the goal is to retrieve the victim's cookies and send them to your server. You will use JavaScript to extract the cookies using `document.cookie` and dynamically create an image tag that sends this information to your server.

The process involves crafting a payload that, when executed in the victim's browser, writes an image tag to the document. This tag includes the extracted cookie data in its source URL. By ensuring proper URL encoding, particularly for characters like `+`, you can successfully transmit the cookie to your server. This exercise helps solidify your understanding of XSS attacks and their potential impact.
