XSS (Stored)

Objective

Redirect everyone to a web page of your choosing.

Security Level: Low

The Low level does not check the submitted input before including it in the output text. Spoiler: Either name or message field: .

1

We can provide any random string as the input.

2

As we can see, our input has been stored on the server.

Let's provide the following input in order to obtain the cookie.

<script>alert()</script>

3

Any time a user visits this page and their browser renders our message, they will get this alert.
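
The missing output check described above, shown next to its fix. This is an added example, not part of the original walkthrough or the application's own code. The function names and the stored entries are constructed for illustration; the second entry reuses the input from this page.

```javascript
// Added illustration. escapeHtml, renderEntryUnsafe, renderEntrySafe,
// renderPage and containsScriptTag are hypothetical names.

// Constructed sample of what the server holds after the steps above.
const storedEntries = [
  { name: "test", message: "hello" },
  { name: "test", message: "<script>alert()</script>" },
];

// Low-level behaviour: stored text is concatenated into the page unchanged,
// so the browser parses the name and message as markup.
function renderEntryUnsafe(entry) {
  return "<div>Name: " + entry.name + "<br>Message: " + entry.message + "</div>";
}

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Single-pass replacement, so an already produced "&amp;" is never re-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: both fields are encoded at output time, because either
// the name or the message field can carry the markup.
function renderEntrySafe(entry) {
  return "<div>Name: " + escapeHtml(entry.name) + "<br>Message: " + escapeHtml(entry.message) + "</div>";
}

function renderPage(entries, renderEntry) {
  return entries.map(renderEntry).join("\n");
}

// Check for a regression test: does the rendered page contain a script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderPage(storedEntries, renderEntryUnsafe));
console.log(renderPage(storedEntries, renderEntrySafe));
```

Encoding at render time leaves the stored data unchanged, so every page that displays it has to apply the same encoding.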