Today, I will tell you a little bit about Stored Cross-site Scripting (XSS) attack.
XSS is a web application vulnerability which allows an attacker to execute any JavaScript code in the site.
That code can be malicious and maybe used to deface the site, perform Denial of Service(DoS) attack, or perform other attacks like keylogging and phishing.
Stored XSS is a type of XSS in which the XSS code is stored in the site’s database.
For example if a site allows the user to insert a comment. When the user post the comment and refreshes the page then the comment is still there even if we refresh the page.
If the attacker inject XSS payload in the comment and post it then the XSS will be stored as the comment and will be executed when the comment page is viewed.
This is the most dangerous type of Cross-Site Scripting (XSS) vulnerability and it is very high risk. The most worst case is the attacker grabs the cookies of the login admin and can hijack its session.
its never secure