13.2 Lab: Stored XSS into HTML context with nothing encoded | 2023

This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed | Karthikeyan Nagaraj

Description

This lab contains a stored cross-site scripting vulnerability in the comment functionality.

To solve this lab, submit a comment that calls the alert function when the blog post is viewed.

Pre-Requisite

Cross-Site Scripting (XSS) in Web App Penetration Testing | 2023

XSS and its Types in Web App Penetration Testing | 2023

Best Ways to Find XSS in Web App Penetration Testing

Solution

1. Click a Post and paste the below payload in the Comment section <script>alert(1)</script>
2. Fill in the required details like name, email, and a site with some dummy values
3. Click “Post Comment” to solve the lab
4. Click “Back to blog” to see the execution of the script

The Script will give you a pop-up alert on opening this post each time because it stores the code in the server and executes on the client side— this is stored XSS

Cyberw1ng

If you would like to support me so that I can create more free content — https://www.buymeacoffee.com/cyberw1ng

Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng

Telegram Channel for Ethical Hacking Dumps — https://t.me/ethicalhackingessentials