Stored XSS into HTML context with nothing encoded
Challenge
This lab contains a stored XSS vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed.
Solution
Input the following into the "comment" text box on a blog post:
<script>alert(0)</script>
When you reload the blog post, the stored comment is rendered without encoding, the script runs, and the alert dialog appears.
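Why the comment executes, and the output-encoding fix, shown as an added example (not the lab's own server code). The renderer functions, the comment record shape and the author name are assumptions made up for illustration.

```javascript
// Constructed example: a minimal comment renderer, vulnerable and hardened.
// Characters that can change the parser state in HTML text or quoted attributes.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode on output, at the point where stored data enters HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the stored comment is concatenated into the page as-is,
// so any markup in it is parsed by every visitor's browser.
function renderCommentUnsafe(comment) {
  return `<section class="comment"><p>${comment.author}</p>` +
         `<p>${comment.body}</p></section>`;
}

// Hardened: every stored field is HTML-encoded before it reaches the page,
// so the same comment is displayed as text instead of being parsed as a tag.
function renderCommentSafe(comment) {
  return `<section class="comment"><p>${escapeHtml(comment.author)}</p>` +
         `<p>${escapeHtml(comment.body)}</p></section>`;
}

// Simple check a regression test can run against rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed stored record using the comment from the solution above.
const storedComment = { author: "test-user", body: "<script>alert(0)</script>" };

console.log("unsafe:", renderCommentUnsafe(storedComment));
console.log("safe:  ", renderCommentSafe(storedComment));
```

Encoding belongs at render time rather than at submission, so comments already in the database are covered too.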