Skip to content

Testing for Stored Cross Site Scripting

OWASP

OWASP Web Security Testing Guide 4.2 > 7. Data Validation Testing > 7.2. Testing for Stored Cross Site Scripting

ID Link to Hackinglife Link to OWASP Description
7.2 WSTG-INPV-02 Testing for Stored Cross Site Scripting - Identify stored input that is reflected on the client-side. - Assess the input they accept and the encoding that gets applied on return (if any).

Stored cross-site scripting is a vulnerability where an attacker is able to inject Javascript code into a web application’s database or source code via an input that is not sanitized. For example, if an attacker is able to inject a malicious XSS payload in to a webpage on a website without proper sanitization, the XSS payload injected in to the webpage will be executed by the browser of anyone that visits that webpage.

Causes

This vulnerable PHP code in a welcome page may lead to a stored XSS attack:

<?php 
$file  = 'newcomers.log';
if(@$_GET['name']){
    $current = file_get_contents($file);
    $current .= $_GET['name']."\n";
    //store the newcomer
    file_put_contents($file, $current);
}
//If admin show newcomers
if(@$_GET['admin']==1)
    echo file_get_contents($file);
?>

Welcome <?=$name?>

Attack techniques

Go to my XSS cheat sheet

Last update: 2024-04-02
Created: December 26, 2023 19:00:18