XSS Stored
Last updated
Last updated
Go to login page form
and log in using login bypass or inserting password.
Go to a page vulnerable to XSS stored like as:
in this textarea (not sanitizated) we can add whatever we want, save it and it will be stored internally and display to users that will click on 'View Blogs'.
injecting the javascript payload: <script>alert(document.cookie)</script> the
command will be execute on the click of the page: clicking on View Blog Entries: