Let's say we want to exploit a blind XSS vulnerability we've found.
We have a Support Ticket system in which we may create tickets, and the ticket's content textarea field is vulnerable to XSS.
Some helpful information to extract from another user would be their cookies, which we could use to elevate our privileges by hijacking their login session.
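Seen from the defending side, the cookie theft described above depends on two conditions: the session cookie is readable by page script, and the ticket content is rendered without encoding. The following added example (not part of the original write-up) checks both; the cookie names and `Set-Cookie` headers are constructed sample values for a hypothetical ticket application.

```javascript
// Constructed sample Set-Cookie headers (hypothetical ticket application).
const SAMPLE_SET_COOKIE = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "legacy_sid=def456; Path=/",
  "theme=dark; Path=/; SameSite=Lax",
];

// Parse one Set-Cookie header into the cookie name and its lower-cased attribute names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return { name, flags };
}

// Names of session cookies that script in the page can read through
// document.cookie, i.e. those set without the HttpOnly attribute.
function scriptReadableSessionCookies(headers, sessionNames) {
  return headers
    .map(parseSetCookie)
    .filter((c) => sessionNames.includes(c.name) && !c.flags.has("httponly"))
    .map((c) => c.name);
}

// HTML-encode ticket content before it is placed into the page that
// support staff view, so stored markup is displayed as text.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "session" is protected by HttpOnly; "legacy_sid" is flagged.
console.log(scriptReadableSessionCookies(SAMPLE_SET_COOKIE, ["session", "legacy_sid"]));
console.log(escapeHtml('<b>hi</b> & "bye"'));
```

`HttpOnly` only keeps the cookie out of script's reach; the encoding step is what removes the injection itself.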
To do this, our payload will need to extract the user's cookie and exfiltrate it to a web server of our choice. First, we'll need to set up a listening server to receive the information:
Now that we've set up the method of receiving the exfiltrated information, we build the payload: