Cross Site Scripting (XSS) — Lab02
This is a very basic lab for stored XSS. Starting the lab, we get a page that contains some blog posts.
Viewing any post shows a comment section at the end. We can test for stored XSS here because comments are stored in the database and retrieved whenever someone accesses the page. So we put simple HTML heading tags in the name and comment fields, as both of these fields are shown to the user.
After posting the comment, it is rendered as a heading, which confirms that the comment section is not filtering user input.
Now we can put JavaScript in the comment field inside a script tag, and it will be saved.
Moving back to the post, the JavaScript in the comment is executed successfully.
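The root cause seen above is that the stored name and comment fields reach the page without output encoding. The following is an added example, not code from the lab: it shows that rendering pattern beside a hardened one, plus a regression check built on the same heading-tag probe. All function names and the sample comment are hypothetical and constructed for illustration.

```javascript
// Added example: rendering a stored comment on a blog post page.
// escapeHtml, renderCommentUnsafe, renderCommentSafe and
// fieldsRenderedAsMarkup are hypothetical names, not the lab's code.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into markup as-is.
function renderCommentUnsafe(comment) {
  return `<section class="comment"><p class="author">${comment.name}</p>` +
         `<p class="body">${comment.body}</p></section>`;
}

// Hardened pattern: every stored field is encoded at output time.
function renderCommentSafe(comment) {
  return `<section class="comment"><p class="author">${escapeHtml(comment.name)}</p>` +
         `<p class="body">${escapeHtml(comment.body)}</p></section>`;
}

// Regression check: names of stored fields whose markup survives rendering.
function fieldsRenderedAsMarkup(render, comment) {
  const html = render(comment);
  return Object.keys(comment).filter(
    (field) => /<[a-z]/i.test(comment[field]) && html.includes(comment[field])
  );
}

// Constructed sample: the heading-tag probe, placed in both fields.
const probe = { name: "<h1>tester</h1>", body: "<h1>nice post</h1>" };

console.log(fieldsRenderedAsMarkup(renderCommentUnsafe, probe)); // [ 'name', 'body' ]
console.log(fieldsRenderedAsMarkup(renderCommentSafe, probe));   // []
console.log(renderCommentSafe(probe));
```

Encoding at output time, rather than filtering at input time, keeps the stored data intact and protects every page that later displays it.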