Stored XSS into HTML context with nothing encoded

Introduction to Stored XSS into HTML context with nothing encoded

Stored XSS (Cross-Site Scripting) is a type of web vulnerability in which malicious code is injected into a website, stored, and then presented to other users. When the victim’s browser runs the injected code, it can lead to a variety of security problems, including the theft of personal information, session hijacking, and the transmission of malware.

Lab Solutions | Practical Work Time Stored XSS into HTML context

This lab contains a stored cross-site scripting vulnerability in the comment functionality.

To solve this lab, submit a comment that calls the alert function when the blog post is viewed.

Stepwise solution of the lab:

After accessing the lab you can see there are lots of posts. (Scroll down a little bit)

So without further delay let’s visit any of them by clicking on ‘view post’.

Once you’ve seen the post, let’s focus on the comment section, because we are here to do Stored XSS (Cross-Site Scripting). Next, we will do a simple task to solve this lab.

Here, in the comment field, you can put a common payload for XSS. We use it often in web application pen-testing.

<script>alert(1)</script>

As a formality, fill in the rest of the information the form asks for in that section, step by step (for example: Name, Email, Website).

Now simply click on Post comment and see what happens.

See, we’ve successfully solved this lab. But now let’s explore something interesting: what happened to the main page where we’ve pushed the payload. Simply click on ‘<Back to blog’.

See, guys, this is the main thing about Stored XSS. When users visit this page, no matter how many times they visit, it will show the same prompt (or pop-up, you can say). You can simply refresh the page to understand what I’m talking about.
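
The difference between rendering a stored comment with nothing encoded and encoding it on output, as an added example that is not part of the original article or the lab's own code. The in-memory store, the function names and the sample values are constructed for illustration.

```javascript
// Added example: constructed data, hypothetical function names.
const comments = []; // stand-in for the blog's comment table

function storeComment(author, website, body) {
  comments.push({ author, website, body }); // stored verbatim
}

// "Nothing encoded": stored fields are concatenated straight into the HTML,
// so every later view of the page receives the same markup.
function renderUnsafe() {
  return comments
    .map(c => `<section class="comment"><p><a href="${c.website}">${c.author}</a></p><p>${c.body}</p></section>`)
    .join("\n");
}

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Allow-list: only absolute http(s) links are emitted; anything else becomes "#".
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "#";
  } catch {
    return "#";
  }
}

// Hardened rendering: every stored field is encoded at output time.
function renderSafe() {
  return comments
    .map(c => `<section class="comment"><p><a href="${escapeHtml(safeHref(c.website))}">${escapeHtml(c.author)}</a></p><p>${escapeHtml(c.body)}</p></section>`)
    .join("\n");
}

// Constructed sample comment using the payload from this walkthrough.
storeComment("tester", "https://example.test/", "<script>alert(1)</script>");
console.log(renderUnsafe()); // comment body is live markup
console.log(renderSafe());   // comment body is inert text
```

With encoding applied on output, the comment is displayed as literal text on every view instead of being interpreted as markup.
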
In the next article, we will discuss DOM XSS from the beginning (from a real-world web application perspective).

I hope you loved reading this article. Now that you have completed it, we highly recommend that you study the next article: Stored XSS into HTML context with nothing encoded. Please don’t forget to leave a comment here and share it with your friends as well. Good luck!

Thank you for reading. If this article really helps you, then do share it with your mates.
And follow @masaudsec on Twitter.

FAQs

What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.
