<script>alert (document.cookie)</script> 获取cookie
Experimental environment with DVWA
First with a system login account, ADMIN password
To set the security level to low.
Get cookie to copy it.
security=low; PHPSESSID=aa88b518beec0f71da6178d75bbbe58f
Next, use of tools burpsuite cookie to be replaced
A simple cookie hijacking finished it.