Stored XSS - Mutillidae

When user using this blog and load database records contains the script code, the malicious code will be execute on browser.

Stored XSS - DVNA

Step 1: Login to the application and navigate to http://192.168.31.112:9090/app/products

Step 2: Click "Add Product" and fill the product details. Click "submit" and intercept the request using Burp.

Step 3: Modify the "description" parameter in the POST request body to <script>alert(document.domain)</script>. Forward the request

Step 3: In the response, notice that <script>alert(document.domain)</script> is part of the HTML in the products page. Navigate to http://localhost:9090/app/products and you'll see an alert

PreviousDOM XSS NextXSS - Sending data to remote server

Last updated 4 years ago

Was this helpful?