You are currently viewing Stored DOM XSS

Stored DOM XSS

Introduction to Stored DOM XSS

Stored DOM XSS is a web security vulnerability where untrusted data is stored in a web application’s database and displayed to users without proper validation or encoding. This vulnerability allows attackers to inject and execute malicious scripts within the DOM of a web page. To mitigate stored DOM XSS, web developers must implement input validation and output encoding practices. Regular security assessments, secure coding practices, and staying updated with the latest guidelines are crucial to protect against stored DOM XSS vulnerabilities. Prioritizing web security and implementing robust measures to validate, sanitize, and encode user input ensures the integrity and security of users’ data and browsing experience.

Lab Solutions | Practical Work Time Stored DOM XSS

This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function.

Stepwise Solution of the lab:-

After accessing the lab you can see there are lots of posts. (Scroll down a little bit)

Without any further ado, click any post via clicking “View post”.

In my case, I chose this. Again scroll down to see if we could find any functionality that might lead to Stored DOM XSS (Cross-Site scripting).

So yeah, here we go. In this scenario, we can use the below payload to solve this lab.

<><img src=1 onerror=alert(1)>

Fill the form like this and click on ‘Post comment’.

Now click on “Back to blog” and see what’s going to happen.

Well, you can see the prompt and the lab has been solved.

I hope you had loved reading this article after you had completed this article we highly recommend you to study the next article: Exploiting cross-site scripting to steal cookies, please don’t forget to leave a comment over here and share it with your friends as well, Good Luck!

Thank you for reading, if this article really helps you then do share it with your mates.
And follow @masaudsec on Twitter.


What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.

Leave a Reply