What is Stored XSS | Persistent XSS | XSS Basics

The Stored XSS also known as persistent XSS attack is one of the three categories of XSS attack. The Stored xss occurs when a malicious script is injected directly into a vulnerable web application, and the injected script get permanently stored inside the web application server. And when a victim navigates to the affected web page in a browser, the XSS payload will be served as part of the web page and victims will inadvertently end-up executing the malicious script once the page is viewed in a browser. Since this vulnerability typically involves at least two requests to the application, this may also called second-order XSS. Stored XSS does not need a malicious link to be exploited. A successful exploitation occurs when a user visits a page with a stored XSS. The following phases relate to a typical stored XSS attack scenario:

  • Attacker stores malicious code into the vulnerable page
  • User authenticates in the application
  • User visits vulnerable page
  • Malicious code is executed by the user's browser

In order to successfully execute a stored XSS attack, the attacker has to locate a vulnerability in a web application and then inject malicious script into the server. One of the most frequent targets are websites that allow users to share content, including blogs, social networks, video sharing platforms and message boards etc. Every time the infected page is viewed, the malicious script is transmitted to the victim's browser.

With Stored XSS an attacker could conduct number of browser-based attacks, such as :

  • Hijacking another user's browser
  • Capturing sensitive information viewed by application users
  • Defacement of the Website/Web Application
  • Directed delivery of browser-based exploits
  • Other malicious activities

Example of Stored XSS :

For demonstrating stored xss, we are going to use DVWA, and for xss payload we are going to use :
The above javascript code shows the victims cookie information in a message box.

And after storing that malicious payload into web application, when the victim visits the vulnerable webpage, then the payload will executed.

but in real world scenario, the attacker would use more dangerous payload like :
in order to steal the users cookie.

Conclusion :

Stored XSS attack is the most damaging attack as compared to other xss attacks, because unlike a reflected attack, where the script is activated after a link is clicked, a stored attack only requires that the victim visit the compromised web page. This increases the reach of the attack, endangering all visitors no matter their level of vigilance.

Links : 

XSS Basics : Click here
Reflected XSS : Click here
DOM-Based XSS : Click here