A3:2021 | Cross Site Scripting Stored (2)

Stored XSS

Stored Cross-Site Scripting is different in that the payload is persisted (stored) instead of passed/injected via a link.

Stored XSS Scenario

Attacker posts malicious script to a message board.
Message is stored in a server database.
Victim reads the message.
The malicious script embedded in the message board post executes in the victim’s browser.
- The script steals sensitive information, like the session id, and releases it to the attacker.

Victim does not realize attack occurred

PreviousA3:2021 | Cross Site Scripting Stored (1) | Cycubix Docs NextA3:2021 | Cross Site Scripting Stored (3) | Cycubix Docs

Last updated 1 year ago

Was this helpful?