🧪 Stored XSS Lab (Comments Functionality)

📌 Info

This lab contains a stored cross-site scripting (XSS) vulnerability in the comment functionality.

🎯 Goal

Submit a comment that calls the alert function when the comment author name is clicked.

⚠️ Vulnerability

• The page has a comments feature.
• Each comment displays the author’s name as a clickable link (<a> tag).
• The application takes the Author name / Website URL value provided by the user and places it inside the href attribute of the anchor element without sanitization.
• This allows attackers to inject JavaScript code directly into the href attribute.

Example vulnerable rendering:

<a href="USER-INPUT">AuthorName</a>

🛠️ Exploitation Steps

1. In the Website/Author URL field of the comment form, inject:

   javascript:alert("xss is here")
   
   

2. The application stores this value in the database.

3. When displayed, the HTML becomes:

   <a href="javascript:alert(\\"xss is here\\")">YourName</a>