Blind XSS

Blind XSS is similar to a Stored XSS, but in Stored XSS our payload gets stored in the DB and gets triggered when viewed ( Blog's comment as an example ) but in this instance, we can't see the payload working or will be able to test it against yourself first

Example Scenario

Assuming, a website has a contact form where you can message a member of staff - The message content doesn't get checked for any malicious code, which allows the attacker to enter anything they wish - These messages then get turned into support tickets which staff view on a private web portal

Using the correct payload, the attacker's JavaScript could make calls back to an attacker's website, revealing the staff portal URL, the staff member's cookies, and even the contents of the portal page that is being viewed - Now the attacker could potentially hijack the staff member's session and have access to the private portal

How to test for Blind XSS

• When testing for Blind XSS vulnerabilities, you need to ensure your payload has a calls back, This way, we know if and when your code is being executed

A popular tool for Blind XSS attacks is xsshunter