I am learning about XSS attacks.
Suppose I have a website (let's call it http://www.animallover.com
) which allows me to enter anything into a search bar to search for animal names. The website is vulnerable, as entering <script>alert(1)</script>
into the search bar triggers an alert.
My goal is to steal the user's cookie by asking the user to visit http://www.animallover.com
.
I don't have a web server to host my cookie-capture script.
What should I do?
0 Replies