Cross Site Scripting (Stored XSS)

What Is Stored XSS (Cross Site Scripting):

In stored XSS, the malicious code (the XSS payload) is saved on the server, for example through a comment box, sign-up form, or other form on the website.

Persistent (Stored) XSS:

Wikipedia Definition : The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.
Put simply, persistent XSS occurs when the developer stores user input in a database server, or simply writes it to a file, without proper filtering, and then sends it back to the client browser.

Persistent (Stored) XSS Demo

Here is PHP code that suffers from persistent XSS:

Code:

<?php
if (isset($_POST['btnSign'])) {
    $message = trim($_POST['mtxMessage']);
    $name    = trim($_POST['txtName']);

    // Escape message for the SQL query only (no HTML encoding is applied)
    $message = stripslashes($message);
    $message = mysql_real_escape_string($message);

    // Escape name for the SQL query only (no HTML encoding is applied)
    $name = mysql_real_escape_string($name);

    $query  = "INSERT INTO guestbook (comment,name) VALUES ('$message','$name');";
    $result = mysql_query($query) or die('<pre>' . mysql_error() . '</pre>');
}
?>
The two parameters in that code, "message" and "name", are not sanitized properly: mysql_real_escape_string() only escapes them for the SQL statement and does nothing about HTML. We store these parameters in the guestbook table, so when we display them back to the client browser, it will execute the malicious JavaScript code.
To demonstrate this, we will exploit the DVWA application.


After submitting this form, our JS code is executed.
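
A hardened version of the guestbook flow described above, as an added example that is not code from the original post or from DVWA. It assumes PHP with the PDO SQLite driver (an in-memory database stands in for the MySQL guestbook table); the function names save_entry, h and render_guestbook and the sample inputs are constructed for illustration.

```php
<?php
// Added example: store guestbook input safely and HTML-encode it on output.
// Assumption: PDO SQLite is available; the table mirrors guestbook(comment, name).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (comment TEXT, name TEXT)');

// Store: a prepared statement takes care of SQL quoting, so the input is
// saved exactly as submitted (no stripslashes or manual escaping needed).
function save_entry(PDO $db, string $message, string $name): void
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook (comment, name) VALUES (:comment, :name)'
    );
    $stmt->execute([':comment' => trim($message), ':name' => trim($name)]);
}

// Display: encode for the HTML context at output time. ENT_QUOTES covers both
// quote styles, ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the guestbook HTML; every stored field passes through h().
function render_guestbook(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT name, comment FROM guestbook') as $row) {
        $html .= '<div>Name: ' . h($row['name'])
               . '<br>Message: ' . h($row['comment']) . "</div>\n";
    }
    return $html;
}

// Constructed sample input: markup in both fields, plus a quote character.
save_entry($db, '<script>alert(1)</script>', 'guest "one" <b>');
save_entry($db, 'Nice site!', "O'Brien");

// The browser receives the markup as inert text (&lt;script&gt;...).
echo render_guestbook($db);
```

Encoding is applied when the data is rendered rather than when it is stored, so the same stored value can later be encoded correctly for a different output context.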


Reviewed by Unknown on 12/12/2015