Burp Suite Academy lab – Stored XSS into HTML context with nothing encoded

This lab contains a stored cross-site scripting vulnerability in the comment functionality.
To solve this lab, submit a comment that calls the alert function when the blog post is viewed.

Access to the lab



Click on View post button:


At the bottom of the page, there is a comments section where you can add a message.

We can try to use the comment system to place our payload.

Now access again to the post and a popup will appear.

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *