13.2 Lab: Stored XSS into HTML context with nothing encoded | 2023
This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed | Karthikeyan Nagaraj
Description
This lab contains a stored cross-site scripting vulnerability in the comment functionality.
To solve this lab, submit a comment that calls the alert function when the blog post is viewed.
Pre-Requisite
Solution
- Click a post and paste the payload below into the comment field
<script>alert(1)</script>
- Fill in the required details (name, email, and a site) with some dummy values
- Click “Post Comment” to solve the lab
- Click “Back to blog” to see the execution of the script
The script pops up an alert every time this post is opened, because the server stores the comment as submitted and returns it in the page with nothing encoded, so the browser executes it on the client side. This is stored XSS.
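The difference between the lab's behaviour and the fix, as an added example that is not part of the original write-up or the lab's own code: the comment is stored as submitted, and the hardened renderer encodes it when the page is built. The in-memory store, the function names and the http(s)-only rule for the site field are assumptions made for illustration.

```javascript
// Added example: a comment store and two renderers (all names hypothetical).
const comments = []; // stands in for the server-side database

function postComment(name, website, body) {
  comments.push({ name, website, body }); // stored exactly as submitted
}

// Vulnerable: stored fields are concatenated into HTML with nothing encoded,
// so a <script> element in the body becomes part of the page for every viewer.
function renderUnsafe(c) {
  return `<section class="comment"><p><a href="${c.website}">${c.name}</a></p>` +
         `<p>${c.body}</p></section>`;
}

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Only http(s) links are allowed in href; anything else is replaced by "#".
function safeHref(url) {
  try {
    const u = new URL(url);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : "#";
  } catch {
    return "#"; // not a parseable absolute URL
  }
}

// Hardened: encode at output time, per context (element text and attribute).
function renderSafe(c) {
  return `<section class="comment"><p><a href="${escapeHtml(safeHref(c.website))}">` +
         `${escapeHtml(c.name)}</a></p><p>${escapeHtml(c.body)}</p></section>`;
}

// Constructed sample input: the payload from the steps above.
postComment("test", "https://example.com", "<script>alert(1)</script>");
console.log(renderUnsafe(comments[0])); // contains a live <script> element
console.log(renderSafe(comments[0]));   // payload appears as inert text
```

With the hardened renderer the comment is displayed as the literal text it was typed as, and the stored data itself never has to be modified.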
Thank you for Reading!
Happy Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng