XSS (Stored)

Objective
Redirect everyone to a web page of your choosing.

Security Level: Low

Low level will not check the requested input, before including it to be used in the output text. Spoiler: Either name or message field: alert("XSS");.

We can provide any random string as the input.

As we can see, our input has been stored on the server.
Let's provide the following input in order to obtain the cookie.

<script>alert()</script>

Anytime a user visits this page and their browser renders our message, they will get this alert.

Last updated 1 year ago