First, let’s view one of the blog posts and scroll down to the comment section.
To perform a stored XSS attack, we need to post a comment containing the malicious code so that it is stored in the site's database. The next time anyone visits this page, their web browser renders the page and executes the malicious code along with it.
Go ahead and post your comment.
Here we can see that when we return to the same blog post, the pop-up alert with the “Hello World” message appears. This means that the attack was executed successfully.
Below, we can see that our comments are not shown. (Ignore the second MrXSS comment; I accidentally posted another comment.)
But if we inspect the page, we can see that our malicious code is actually present in the comment section.
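The root cause the lab exercises is a comment section that interpolates stored, user-supplied text straight into the page. The following is an added example, not code from the lab or its authors: a minimal comment store rendered once the vulnerable way and once with HTML output encoding; `postComment`, `renderCommentsUnsafe`, `renderCommentsSafe` and the sample comments are all constructed for this illustration.

```javascript
// Added example (not from the original lab): a minimal comment store that
// renders stored comments into HTML, once unsafely and once with output encoding.
const comments = [];

function postComment(author, body) {
  // Stored as-is: storing the text is not the bug, unescaped rendering is.
  comments.push({ author, body });
}

// Vulnerable: interpolates stored text straight into markup, so a comment
// body that contains a <script> tag runs in every visitor's browser.
function renderCommentsUnsafe() {
  return comments
    .map(c => `<p><b>${c.author}</b>: ${c.body}</p>`)
    .join('\n');
}

// HTML-encode the characters that can break out of a text node or attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened: every untrusted field is encoded before it reaches the page, so the
// stored payload is displayed as literal text instead of being executed.
function renderCommentsSafe() {
  return comments
    .map(c => `<p><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</p>`)
    .join('\n');
}

// Constructed sample input: a harmless comment and the lab's proof-of-concept.
postComment('alice', 'Nice post!');
postComment('MrXSS', '<script>alert("Hello World")</script>');

console.log('--- unsafe rendering ---\n' + renderCommentsUnsafe());
console.log('--- safe rendering ---\n' + renderCommentsSafe());
```

Encoding at output time (or using a templating engine that does it by default) is the fix the lab is pointing at; it keeps the comment visible in the page source, exactly as seen in the inspector above, without the browser executing it.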
That is it for this lab.