XSS (Stored)
Objective: Redirect everyone to a web page of your choosing.
The low level does not check the submitted input before including it in the output text. Spoiler: either the name or the message field: alert("XSS");.
We can provide any random string as the input.
As we can see, our input has been stored on the server.
Let's provide the following input in order to obtain the cookie.
Anytime a user visits this page and their browser renders our message, they will get this alert.
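The stored-then-rendered flow described above, next to the output-encoding fix, as an added example that is not code from the original page or from the lab application. The guestbook table, the function names and the sample entry are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample input: the alert string from the spoiler, wrapped in a script tag.
SAMPLE_MESSAGE = '<script>alert("XSS");</script>'


def open_guestbook():
    """Create a hypothetical in-memory guestbook table (not the lab's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE guestbook (name TEXT, message TEXT)")
    return db


def store_entry(db, name, message):
    # A parameterized query stops SQL injection, but the markup is stored as typed.
    db.execute("INSERT INTO guestbook (name, message) VALUES (?, ?)", (name, message))
    db.commit()


def render_unsafe(db):
    """Low-level behaviour: stored text is placed into the page unchanged."""
    rows = db.execute("SELECT name, message FROM guestbook").fetchall()
    return "".join(f"<div>Name: {n}<br>Message: {m}</div>" for n, m in rows)


def render_encoded(db):
    """Hardened form: HTML-encode every stored field at output time."""
    rows = db.execute("SELECT name, message FROM guestbook").fetchall()
    return "".join(
        f"<div>Name: {html.escape(n, quote=True)}<br>"
        f"Message: {html.escape(m, quote=True)}</div>"
        for n, m in rows
    )


if __name__ == "__main__":
    db = open_guestbook()
    store_entry(db, "test", SAMPLE_MESSAGE)
    print(render_unsafe(db))   # markup reaches every visitor's browser as markup
    print(render_encoded(db))  # same entry is displayed as inert text
```

Encoding at output time also covers entries that were stored before the fix was deployed, which input-side filtering alone would not.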