Merge pull request #3 from sigpwny/xss

onload
sigpwny · Sep 22, 2024 · 1e4ef88 · 1e4ef88
2 parents 226af81 + 643eb64
commit 1e4ef88
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/fallctf-2024/src/web/web.md b/fallctf-2024/src/web/web.md
@@ -144,3 +144,13 @@ If I had set `USER INPUT` to `<script>alert("Hello!")</script>`, then the websit
 ```
 
 More details on XSS: https://portswigger.net/web-security/cross-site-scripting
+
+A useful resource for receiving requests is [webhook.site](https://webhook.site/). For example, if you need to extract some data from a website, you can have your XSS payload send a request to your webhook.site URL with the data you need.
+
+Be careful when exfiltrating data to make sure the data on the page you are trying to extract is actually loaded.
+
+```js
+window.addEventListener('load', () => {
+    // ... your code here
+});
+```