A3:2021 | Cross Site Scripting Stored (2)

Stored XSS

Stored Cross-Site Scripting is different in that the payload is persisted (stored) instead of passed/injected via a link.

Stored XSS Scenario

  • Attacker posts malicious script to a message board.

  • Message is stored in a server database.

  • Victim reads the message.

  • The malicious script embedded in the message board post executes in the victim’s browser.

    • The script steals sensitive information, like the session id, and releases it to the attacker.

Victim does not realize attack occurred

Last updated