Stored XSS

As the name infers, the XSS payload is stored on the web application (in a database, for example) and then gets run when other users visit the site or web page

Example Scenario

A blog website that allows users to post comments. Unfortunately, these comments aren't sanitized - If we now post a comment containing JavaScript code, this will be stored in the database, and every other user now visiting the article will have the JavaScript run in their browser

Impact

The malicious JavaScript could redirect users to another site, steal the user's session cookie, or perform other website actions while acting as the visiting user

How to test for Stored XSS

• Comments on a blog

• User profile's information

• Website Listings

Sometimes developers think limiting input values on the client-side is good enough protection so changing values to something the web application wouldn't be expecting is a good source of discovering stored XSS

For Example, an age field that is expecting an integer from a dropdown menu but instead, you manually send the request rather than using the form allowing you to try malicious payloads