.png)
1 week ago
25 BOOK THIS SPACE FOR AD
ARTICLE AD
Stored XSS is a dangerous vulnerability where attackers inject malicious scripts that are stored on a server and executed for any user who views the affected page. This allows attackers to steal data, hijack sessions, or spread malware. Preventing stored XSS involves sanitizing user inputs, encoding outputs, and using security headers like Content Security Policy (CSP).
Demo:
link of the lab: https://0a6b009804f1ca80800d853f004400a0.web-security-academy.net/
As you can see that this is our target. And we have to test our XSS payloads in this Lab. So this is Stored XSS lab. We don’t have to encode anything.
So we are going to comments, to go the comments we can see that there is view post. So, we are going to use the view post and go into the comments. If you are going to this lab. You can see that there is much more post. You can choose any of the post. It won’t matter as the stored XSS is present in all of the posts.
while we go the comments we can see that there is 4 input fields in it. But if you read the instructions we found that the Stored XSS is present in the comments section. You can write random name, email. But you have to craft your XSS payloads in the commands field.
As i mentioned above the payload should be written in the comments section.
After you have posted the comment. You can see that the lab has been solved and the payload has been executed.
Bengali (Bangladesh) · 
English (United States) ·