XSS (Stored)

Objective

Redirect everyone to a web page of your choosing.

Security Level: Low

The low level does not check the submitted input before including it in the output text. Spoiler: Either name or message field: alert("XSS");.

  • We can provide any random string as the input.

  • As we can see, our input has been stored on the server.

  • Let's provide the following input in order to obtain the cookie.

<script>alert()</script>

  • Anytime a user visits this page and their browser renders our message, they will get this alert.
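Why the stored message runs for every visitor, and the output encoding that stops it, shown as an added example that is not code from the original page or the application. The in-memory guestbook and the function names are assumptions made for illustration.

```javascript
// Added example: a constructed in-memory guestbook, not the application's code.
const entries = []; // stands in for the server-side database table

// Store the submitted fields exactly as received (no input checks, as at the low level).
function saveEntry(name, message) {
  entries.push({ name, message });
}

// Vulnerable rendering: stored values are concatenated into the page as-is,
// so markup in a stored field becomes part of the page for every visitor.
function renderUnsafe() {
  return entries
    .map((e) => `<div>Name: ${e.name}<br>Message: ${e.message}</div>`)
    .join("\n");
}

// Encode the five HTML metacharacters so stored text cannot become markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: every stored field is encoded at output time.
function renderSafe() {
  return entries
    .map((e) => `<div>Name: ${escapeHtml(e.name)}<br>Message: ${escapeHtml(e.message)}</div>`)
    .join("\n");
}

// Constructed sample input: one ordinary entry and the input used on this page.
saveEntry("alice", "hello");
saveEntry("test", "<script>alert()</script>");

console.log(renderUnsafe()); // the script element reaches the browser intact
console.log(renderSafe());   // the same entry is shown as inert text
```

Encoding at output time also neutralizes entries that were stored before the fix, which filtering at submission time does not.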
