## https://sploitus.com/exploit?id=67D5C133-2D28-56DF-B3FF-FA397606547D
This repository is an offensive tool for web application exploitation, specifically for cross-site scripting (XSS) attacks. It contains a collection of payloads and scripts that can be used to exploit vulnerabilities in web applications. The payloads are designed to be injected into a vulnerable web application, allowing an attacker to execute arbitrary code on the victim's system.
The repository includes various payloads, such as:
`apache_httponly_bypass.js`: uses an excessively large cookie to exploit CVE-2012-0053 and extract HTTPOnly cookie values from the response.
`contentstealer.php`: steals the content of the current page, a specific element, or another page within the same origin as the exploited web app.
`cookiestealer.php`: steals cookies from the site.
`formjacker.php`: man-in-the-middle every form on the page so that it sends data via this script.
`formsubmitter.php`: injects into a page in order to retrieve and submit a form from another page.
`generator.php`: XSS Payload generator and dropper.
`local_network_scan.php`: scans the local /24 network and logs internal IP addresses and open ports.
`loginpage.php`: calls this script from an injected <script> tag to pop up