Writeups and Walkthroughs

Home GitHub Portfolio Twitter/X Medium Cont@ct

Home GitHub Portfolio Twitter/X Medium Cont@ct

✍️Writeups and Walkthroughs
THM
HackTheBox
Vulnhub
- Brainpain (BoF)
DockerLabs
DVWA
Mutillidae II
Secure Bank
PortSwigger - Web Security Academy
HomeMade Labs

Powered by GitBook

On this page

Mutillidae II

XSS

XSS Stored

PreviousXSS Reflected NextXSS DOM-Based

Last updated 2 months ago

XSS - Stored - Second Order

Go to login page form

and log in using login bypass or inserting password.

Go to a page vulnerable to XSS stored like as:

in this textarea (not sanitizated) we can add whatever we want, save it and it will be stored internally and display to users that will click on 'View Blogs'.

injecting the javascript payload: <script>alert(document.cookie)</script> thecommand will be execute on the click of the page: clicking on View Blog Entries:

https://127.0.0.1/index.php?page=view-someones-blog.php

https://127.0.0.1/index.php?page=login.php

https://127.0.0.1/index.php?page=add-to-your-blog.php