Introduction to Stored DOM XSS
Stored DOM XSS is a web security vulnerability where untrusted data is stored in a web application’s database and displayed to users without proper validation or encoding. This vulnerability allows attackers to inject and execute malicious scripts within the DOM of a web page. To mitigate stored DOM XSS, web developers must implement input validation and output encoding practices. Regular security assessments, secure coding practices, and staying updated with the latest guidelines are crucial to protect against stored DOM XSS vulnerabilities. Prioritizing web security and implementing robust measures to validate, sanitize, and encode user input ensures the integrity and security of users’ data and browsing experience.
Lab Solutions | Practical Work Time Stored DOM XSS
This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function.
Stepwise solution of the lab:
After accessing the lab you can see there are lots of posts. (Scroll down a little bit)
Without any further ado, open any post by clicking “View post”.
In my case, I chose this. Scroll down again to see if we can find any functionality that might lead to Stored DOM XSS (cross-site scripting).
So yeah, here we go. In this scenario, we can use the below payload to solve this lab.
<><img src=1 onerror=alert(1)>
Fill the form like this and click on ‘Post comment’.
Now click on “Back to blog” and see what’s going to happen.
Well, you can see the prompt and the lab has been solved.
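Why the payload above begins with an empty <> pair, shown as an added example that is not the lab's code or part of the original article: it assumes the comment renderer encodes angle brackets with a string-pattern replace(), which rewrites only the first match. The function names and the sample comments are constructed for illustration, and the flawed encoder sits beside a corrected one.

```javascript
// Added illustration; function names are hypothetical, not taken from the lab.

// Flawed encoder (assumed behaviour): String.prototype.replace with a
// *string* pattern rewrites only the FIRST match, so any angle bracket
// after the first '<' and first '>' reaches the page unencoded.
function escapeFirstOnly(s) {
  return s.replace('<', '&lt;').replace('>', '&gt;');
}

// Corrected encoder: a global regex encodes every HTML-significant character.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeAll(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Regression check: does a raw angle bracket survive the encoder?
function leavesRawMarkup(encoder, input) {
  return /[<>]/.test(encoder(input));
}

// Constructed stored comments, including the payload from this walkthrough.
const comments = [
  'Nice post!',
  '<b>bold</b>',
  '<><img src=1 onerror=alert(1)>',
];

// Run every stored comment through an encoder and flag unsafe output.
function audit(encoder) {
  return comments.map((c) => ({
    input: c,
    output: encoder(c),
    unsafe: leavesRawMarkup(encoder, c),
  }));
}

console.table(audit(escapeFirstOnly)); // the <img ...> tag survives intact
console.table(audit(escapeAll));       // every bracket is encoded
```

In the browser, assigning stored text with element.textContent instead of innerHTML avoids parsing it as HTML at all, which removes the need for a hand-written encoder.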
I hope you enjoyed reading this article. Now that you have completed it, we highly recommend studying the next article: Exploiting cross-site scripting to steal cookies. Please don’t forget to leave a comment here and share it with your friends as well. Good luck!
Thank you for reading. If this article really helped you, do share it with your mates.
And follow @masaudsec on Twitter.
FAQs
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always good practice to use an up-to-date browser with timely updates. Keep your browser plugins up to date, avoid malicious websites and links, always enable 2-factor authentication, and guard against clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.