LAB 13 - Stored DOM XSS

Initial instructions

This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function.

To complete this lab I used the following XSS payload.

<><img src=1 onerror=alert(1)>

So I entered this payload into the comment section and clicked on Post comment.

Then if we visit the post where we posted the comment it will trigger the XSS.

Congratulations, you solved the lab!
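Why the payload above starts with `<>`, as an added example that is not code from this write-up or from the lab: it assumes the comment renderer escapes angle brackets using `replace()` with a string pattern, which rewrites only the first match, and compares that with an escaper that covers every occurrence. The function names and the benign comment are hypothetical and constructed for illustration.

```javascript
// Added example: function names are hypothetical, sample comments are constructed.

// Flawed escaper (assumed shape of the filter): with a string pattern,
// String.prototype.replace() rewrites only the FIRST match, so any later
// angle bracket reaches the page unescaped.
function escapeFirstOnly(html) {
  return html.replace('<', '&lt;').replace('>', '&gt;');
}

// Hardened escaper: a global regex covers every occurrence, and quotes and
// ampersands are encoded too so the result is also safe in attribute values.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeAll(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// True if a raw tag opener survived escaping, i.e. assigning the string to
// innerHTML would make the browser parse markup instead of showing text.
function leavesMarkup(escaped) {
  return /<[a-zA-Z!\/]/.test(escaped);
}

// Constructed comment bodies: the payload from this page plus a benign one.
const comments = [
  '<><img src=1 onerror=alert(1)>',
  'Nice post, 2 < 3 and 5 > 4',
];

// Run one escaper over every stored comment and flag unsafe results.
function audit(escaper) {
  return comments.map((c) => {
    const output = escaper(c);
    return { input: c, output, unsafe: leavesMarkup(output) };
  });
}

console.log(audit(escapeFirstOnly)); // payload row is flagged unsafe
console.log(audit(escapeAll));       // no row is flagged

// In the browser, the most robust fix avoids innerHTML for comment text:
//   const p = document.createElement('p');
//   p.textContent = comment.body;   // always rendered as text, never parsed
```

The benign comment passes through both escapers safely, which is why a first-occurrence filter can look correct in casual testing.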