Stored XSS into HTML context with nothing encoded
https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded
Last updated
https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded
Last updated
Let's comment the following payload below the post:
Since this payload is stored on the page in the form of a comment it will be executed for every user that visits the page.
We have solved the lab.