This lab contains a stored cross-site scripting vulnerability in the comment functionality.
To solve this lab, submit a comment that calls the alert function when the blog post is viewed.
Access to the lab
https://0a7900e404a806d2c000170700c90074.web-security-academy.net
Solution
Click on View post button:
https://0a7900e404a806d2c000170700c90074.web-security-academy.net/post?postId=6
At the bottom of the page, there is a comments section where you can add a message.
We can try to use the comment system to place our payload.
Now access again to the post and a popup will appear.
