=

02 - Stored XSS into HTML context with nothing encoded

This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed.

Given XSS in comment

End goal call alert function


Start the lab , on home page open any given post. Scroll down to comments. In comment section write out xss payload which calls the alert function of javascript to give an alert popup.

Payload <script>alert(2)</script>

comment

After submitting the comment we got an alert pop-up that means our payload get stored into the page and weh a user visits that page then our payload would get executed.

search

Lab solved :
search
(If you have any type of query / Question / suggestion .. feel free to ask below. We would be happy to connect you. Have a great day buddy!!)