Lab Information
- Type: Stored Cross-Site Scripting (XSS)
- Goal: Submit a comment that calls the alert() function when the blog post is viewed.
Steps to Solve

Identify the Input Point
- The vulnerable input is the comment form under the blog post: what you submit there is stored and shown to every later visitor.
- Fill in the other form fields normally (name, email, and any other required fields); the comment box is where the payload goes.

Understand the Vulnerability
- Stored (persistent) XSS means the payload is saved server side, here in the comment database, and written back into the page without HTML encoding.
- Every user who views the post afterwards runs the script in their own browser; no crafted link has to be delivered to the victim.
Craft the Payload
- Insert JavaScript into the comment box. The goal is the alert() function, so call alert() rather than another dialog function:
<script>alert()</script>

Submit the Payload
- Post the comment.
- The payload is stored in the database exactly as typed; no characters are encoded.

Trigger the XSS
- Go back to the blog post page.
- The browser parses the stored comment as HTML, so the <script> element runs and alert() fires as soon as the comment loads.
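The lab's server code is not shown, so the following is an added model (not the lab's own code) of why the stored comment fires and what the fix looks like: an in-memory comment store standing in for the database, a renderer that interpolates the stored fields straight into HTML, and the same renderer with HTML-body-context escaping applied. The store, function names, and the sample comment are all constructed for this example.

```javascript
// Added example, not from the lab: a minimal model of a blog comment
// store showing why the stored payload executes and how escaping stops it.

// In-memory stand-in for the database the walkthrough refers to.
const comments = [];

// Server side of "Post the comment": the submitted fields are persisted as-is.
function storeComment({ name, comment }) {
  comments.push({ name: String(name), comment: String(comment) });
  return comments.length;
}

// Vulnerable renderer: stored fields are concatenated directly into HTML,
// so a comment containing <script> becomes a real script element.
function renderCommentsVulnerable() {
  return comments
    .map(c => `<section class="comment"><p>${c.name}</p><p>${c.comment}</p></section>`)
    .join('\n');
}

// Fix for HTML body context: encode the characters that can change HTML
// structure before the value is written into the markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

function renderCommentsSafe() {
  return comments
    .map(c => `<section class="comment"><p>${escapeHtml(c.name)}</p><p>${escapeHtml(c.comment)}</p></section>`)
    .join('\n');
}

// Tester's check: does a <script> start tag survive into the rendered page?
function containsScriptElement(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Constructed sample input: the payload from the walkthrough, submitted
// through the comment box with a harmless name.
const PAYLOAD = '<script>alert()</script>';
storeComment({ name: 'tester', comment: PAYLOAD });

console.log('vulnerable:', containsScriptElement(renderCommentsVulnerable())); // true
console.log('safe:      ', containsScriptElement(renderCommentsSafe()));       // false
```

The name field is escaped too: any stored field that is echoed into the page is an injection point, not just the one the lab happens to use.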

Congrats, you solved the lab.