Stored XSS into HTML context with nothing encoded

Web Security Academy #2

Lab: Stored XSS into HTML context with nothing encoded

Lab Description

Lab Level - APPRENTICE

This lab contains a stored cross-site scripting vulnerability in the comment functionality.

To solve this lab, submit a comment that calls the alert function when the blog post is viewed.

Lab Description

---

Step to Solve the Lab

• Access the lab by click on ACCESS THE LAB.
• After access the lab I saw a simple blog web page with some posts.
• As a normal user I visit one of the blog post and see there is a comment box.
• I post one comment and see how it take my input.

Submitting a comment

• After that I saw the source code. I found there are two place where my injected text is reflected.

Reviewing the source code

• After conforming two place I inject a simple html tag in the comment box. Here is the payload :

<i>R3DW4N</i>

Inject HTML Tag

• I confirm HTML Injection

Confirming HTML injection

• After confirming HTML Injection, I inject a simple xss payload in the comment box with an alert function.

<script>alert("R3DW4N")</script>

Congratulations, you solved the lab!

• Now every time a user visit the blog post that have the xss payload injected they will saw an alert popup. To confirm this I visit the same page that I inject xss payload and saw an alert with R3DW4N text.

Confirming XSS

And that’s it for this write-ups. If you want to connect with me, here are my social media links

• LinkedIn
• Twitter
• Instagram
• Facebook
• GitHub

I create a website where you can find more Bug Bounty Related Write-Ups. Here is the website link : Hacker-Write-Ups

Also I want to create a community where you can communicate with other hackers and much more fun stuff : We-Are-Anonymous

Assalamu alaikum wa rahmatullah.