Stored XSS
Stored Cross-Site Scripting (XSS)
Stored XSS (also known as persistent XSS) is a more dangerous variant of XSS, where the malicious payload is permanently stored on the server. This means that every time the affected page is loaded, the malicious script is executed. Stored XSS attacks are typically carried out through input fields such as comment sections, user profiles, or any form where data can be submitted and stored in the application.
How Stored XSS Works
- Injection: The attacker injects a malicious payload into an input field (e.g., comment, search bar, or user profile).
- Storage: The malicious payload is stored on the server's database or filesystem.
- Execution: When the stored data is later displayed to users, the script is executed in their browsers, often leading to stealing session cookies, redirecting users, or defacing content.
Let's consider a comment system where user input is stored and reflected in the webpage:
If an attacker submits a comment like this:
The script will be stored on the server and executed every time the comment is viewed by a user.
Stored XSS affects every user who visits the affected page, not just a single victim who was lured to a crafted link. Because the payload persists, prevention depends on validating input and, above all, encoding untrusted data when it is written into the page.
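As an added illustration (not code from the original page), the comment system described above in miniature: an in-memory store standing in for the database, a vulnerable renderer that concatenates stored text straight into HTML, and a hardened renderer that HTML-encodes each untrusted value at output time. The store, renderer names and sample comments are all constructed for this example.

```python
import html
from dataclasses import dataclass, field


@dataclass
class CommentStore:
    """Constructed in-memory stand-in for the application's database."""
    comments: list = field(default_factory=list)

    def submit(self, author: str, body: str) -> None:
        # Steps 1 and 2 of stored XSS: input is persisted exactly as submitted.
        self.comments.append({"author": author, "body": body})


def render_unsafe(store: CommentStore) -> str:
    """Vulnerable: stored text is concatenated into the page without encoding,
    so markup inside a comment becomes live HTML on every page load."""
    rows = [f"<li><b>{c['author']}</b>: {c['body']}</li>" for c in store.comments]
    return "<ul>" + "".join(rows) + "</ul>"


def render_safe(store: CommentStore) -> str:
    """Hardened: each untrusted value is HTML-entity-encoded at output time,
    so the browser shows the text instead of interpreting it as markup."""
    rows = [
        f"<li><b>{html.escape(c['author'], quote=True)}</b>: "
        f"{html.escape(c['body'], quote=True)}</li>"
        for c in store.comments
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def contains_active_markup(rendered: str, untrusted_values: list) -> bool:
    """Check: does any untrusted value that carries a tag survive verbatim?"""
    return any("<" in v and v in rendered for v in untrusted_values)


# Constructed sample comments: one benign, one carrying a script tag.
SAMPLE_COMMENTS = [
    ("alice", "Nice article!"),
    ("mallory", "<script>document.title='stored xss'</script>"),
]


def demo() -> dict:
    store = CommentStore()
    for author, body in SAMPLE_COMMENTS:
        store.submit(author, body)
    untrusted = [body for _, body in SAMPLE_COMMENTS]
    return {
        "unsafe_has_markup": contains_active_markup(render_unsafe(store), untrusted),
        "safe_has_markup": contains_active_markup(render_safe(store), untrusted),
    }
```

Running `demo()` returns `{'unsafe_has_markup': True, 'safe_has_markup': False}`: the same stored comment is inert once output encoding is applied.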
Advanced Techniques
Once an attacker successfully injects a stored XSS payload, they can escalate their attack by:
- Mass exploitation: Since the payload is stored and executed on each page load, attackers can affect a wide range of users, even those who never clicked on malicious links.
- Malicious redirects: Redirecting users to phishing sites or malicious downloads.
- Keylogging: Capturing user input such as passwords or credit card details through injected scripts.
- Defacing: Changing the content of a webpage to mislead or deceive users.
Always obtain authorization before attempting to exploit or test for XSS vulnerabilities in a web application.