Stored XSS into HTML context with nothing encoded

Challenge

This lab contains a stored XSS vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed.

Solution

Input the following into the "comment" text box on a blog post:

<script>alert(0)</script>

When you reload the blog post, you will be alerted.

PreviousReflected XSS into HTML context with nothing encoded NextDOM XSS in document.write sink using source location.search *

Last updated 1 year ago