## https://sploitus.com/exploit?id=14EBEE54-348C-5D85-B8EB-7FD3F8A56244
This repository is an offensive tool for web application exploitation, specifically a backdoor for web applications. It contains a JavaScript file (check.js) that is designed to be injected into a web page to steal user credentials. The tool uses the jQuery library (jquery.cookie.min.js) to manage cookies and interact with the web page.
The check.js file is a client-side script that is executed when the user interacts with a specific element on the web page (in this case, a submit button). When the user hovers over the submit button, the script sends a request to a server (xss9.com) with the user's email and password. The script uses the Image() object to create a new image element and set its src attribute to the server URL with the user's credentials as query parameters.
The jquery.cookie.min.js file is a library that provides functions for managing cookies. It is used by the check.js script to interact with the web page and steal user credentials.
The repository also contains a README file that provides information about the tool and its usage.
In terms of the specific attack vector, this tool uses a technique called "cross-site scripting" (XSS) to steal user credentials. XSS is a type of web application vulnerability that allows an attacker to inject malicious code into a web