
Wednesday, July 15, 2015

What is Stored Cross-Site Scripting(XSS) Attack & its testing

Today I will tell you about the Stored Cross-Site Scripting (XSS) vulnerability.
You may have seen my previous videos on XSS testing and Flash-XSS. This time I will cover the stored type.



Stored Cross-Site Scripting (XSS) Attack and its testing.
In the following video you will learn:
  • What Stored Cross-Site Scripting (XSS) is.
  • How to test a site for a Stored XSS vulnerability.
  • Detection of Stored XSS.

In Stored XSS (also known as persistent XSS), the XSS code is stored in the site's database. For example, we put a script in a comment and post it, so it is saved in the site and is still there after a refresh. If the site is vulnerable, the XSS runs whenever the page loads.
The testing is the same as for normal XSS. We just need to check whether our XSS is stored in the page, and we check that by refreshing the page.
For example, suppose I post a comment using the payload "/><svg/onload=prompt(1)>
and the XSS executes.
If I then refresh the page or visit it again and the popup still executes, the site is vulnerable to Stored XSS.
This can be used to inject a keylogger, deface the site, and perform other attacks such as redirection when a victim opens the site.
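
The refresh check described above, shown from the site's side as an added example (not code from the original post). The in-memory comment store, the function names and the page markup are assumptions made for illustration. It renders the same stored comment with and without output encoding and checks on two page loads whether the test string comes back as raw markup.

```javascript
// Constructed in-memory stand-in for the site's comment table.
const commentStore = [];

// Saving a comment: the body is persisted exactly as submitted.
function postComment(author, body) {
  commentStore.push({ author, body });
}

// Encode the characters that let text escape HTML element or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: stored text is concatenated into the page as markup.
function renderVulnerable() {
  return commentStore
    .map((c) => `<div class="comment"><b>${c.author}</b>: ${c.body}</div>`)
    .join('\n');
}

// Hardened rendering: every stored field is encoded at output time.
function renderHardened() {
  return commentStore
    .map((c) => `<div class="comment"><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</div>`)
    .join('\n');
}

// The refresh check: render the page several times and report whether the
// stored test string is returned as raw markup on every load.
function persistsAsMarkup(render, payload, loads = 2) {
  for (let i = 0; i < loads; i++) {
    if (!render().includes(payload)) return false;
  }
  return true;
}

const payload = '"/><svg/onload=prompt(1)>'; // test string quoted in the post
postComment('tester', payload);
console.log('vulnerable page returns raw payload:', persistsAsMarkup(renderVulnerable, payload));
console.log('hardened page returns raw payload:  ', persistsAsMarkup(renderHardened, payload));
console.log(renderHardened());
```

With encoding applied at output time the comment is still stored and still shown after every refresh, but the browser receives it as text instead of an element.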

Shawar Khan
Cyber Security Researcher
