Go to login page form https://127.0.0.1/index.php?page=login.php
and log in using login bypass or inserting password.
Go to a page vulnerable to XSS stored like as: https://127.0.0.1/index.php?page=add-to-your-blog.php
 (1).png)
in this two field will inject our payload:
element.innerHTML='... <img src=1 onerror=alert(document.cookie)> ...'the image 1 does not exist, so the alert will be triggered, the command will be injected into DOM and execute on the page:
 (1).png)
 (1).png)
 (1).png)