Cross Site Scripting (XSS) explanation

Today, I will tell you a little bit about the Stored Cross-site Scripting (XSS) attack.

XSS is a web application vulnerability which allows an attacker to execute any JavaScript code in the site.
That code can be malicious and may be used to deface the site, perform a Denial of Service (DoS) attack, or perform other attacks like keylogging and phishing.

Stored XSS is a type of XSS in which the XSS code is stored in the site’s database.

For example, a site allows the user to insert a comment. When the user posts the comment and refreshes the page, the comment is still there even if we refresh the page.

If the attacker injects an XSS payload in the comment and posts it, then the XSS will be stored as the comment and will be executed when the comment page is viewed.

This is the most dangerous type of Cross-Site Scripting (XSS) vulnerability and it is very high risk. The worst case is that the attacker grabs the cookies of the logged-in admin and can hijack their session.
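The stored XSS flow described in the post above, as an added example that is not part of the original post: a constructed in-memory comment store rendered once without and once with output encoding. All names (`commentsDb`, `escapeHtml`, the `sid` cookie) are assumptions for illustration, and the `HttpOnly` cookie is a mitigation added here for the cookie-theft case the post mentions.

```javascript
// Added example: a constructed in-memory "database" of comments, not a real site's code.
const commentsDb = [];

// The application stores whatever the visitor submits; the text is kept as data.
function postComment(author, text) {
  commentsDb.push({ author, text });
}

// Vulnerable rendering: stored text is concatenated into HTML unchanged,
// so any markup saved in a comment becomes part of the page for every viewer.
function renderCommentsUnsafe() {
  return commentsDb
    .map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`)
    .join("\n");
}

// Output encoding for an HTML text context: the characters that can start
// a tag, an entity or an attribute break-out are replaced with entities.
function escapeHtml(value) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hardened rendering: every stored field is encoded at output time.
function renderCommentsSafe() {
  return commentsDb
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Session cookie header with HttpOnly, so script running in the page cannot read it.
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample input: one ordinary comment and one carrying a harmless marker script.
postComment("alice", "Nice post!");
postComment("mallory", "<script>alert(1)</script>");

console.log(renderCommentsUnsafe()); // marker script appears as live markup
console.log(renderCommentsSafe());   // marker script appears as inert text
console.log(sessionCookieHeader("constructed-session-id"));
```

Encoding at output time, rather than only filtering on input, also covers comments that were stored before the fix was deployed.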

It's never secure

Thanks, really useful stuff

OK, one quick question… who stores the XSS code in the database… is it the admin or the attacker?

attacker

Klist was very vulnerable to this…

I don't think so… Wanderi had tightened his security… it's over here that the holes are many.

Now this is where I can't follow anything, guys.

@highschooler how much do you charge to attack and steal data or deface a site?

I used to get some message about such whenever I opened olx up till a few months ago. I thought it was my no-script add-on that was giving me issues.

Haha, that's dark web business, boss… do you want the feds to come for me?

I mean if I need data from, like, the KRA site.

Haha, KRA, you say?! I can't help you there, bro… probably there are people waiting for me there.