June 15, 2026
Cross-site scripting 2 (APPRENTICE)
Lab 4 - Stored XSS into HTML context with nothing encoded.
Nadia
This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed.
Solution
- Step 1: You need to click the orange button that says "Access the Lab" on the home page.
- Step 2: Click on one of the posts, then scroll down to the comments section, where you'll find a form for leaving a comment. Fill out the form with random data. In the "test comment" field, enter HTML to see whether the tags are rendered by the browser as markup, or whether the characters are converted to plain text before being displayed so that the browser doesn't treat them as code.
- Step 3: After submitting, a screen will appear confirming that the comment input has been successfully saved on the server.
- Step 4: After that, return to the same blog page. As shown in the image below, the HTML tag Hello World was executed as HTML (not as plain text), meaning no encoding was performed at all. Now it's time to enter the actual XSS payload into the comment section: , and fill in the rest as in the previous step.
- Step 5: After submitting the comment with that XSS payload, an alert pop-up will appear. After that, the lab will change to "solved" with the text "Congratulations, you solved the lab." This works because the comment is stored in the database and returned without HTML encoding, so the browser executes the script directly when the post is viewed.
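
The root cause named in Step 5, as an added example that is not code from the lab or from the original post: a comment renderer that emits stored text unencoded, next to the version that encodes on output, plus a small audit over stored comments. All function names and the sample comments are constructed for illustration.

```javascript
// Added example: comment rendering, unencoded vs. encoded at output time.
// Names and sample data are hypothetical, not taken from the lab.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change how the HTML parser reads text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour the lab demonstrates: stored text is concatenated into the page as-is.
function renderCommentUnencoded(c) {
  return `<section class="comment"><p>${c.author}</p><p>${c.body}</p></section>`;
}

// Hardened form: every stored field is encoded when it is written into HTML.
function renderCommentEncoded(c) {
  return `<section class="comment"><p>${escapeHtml(c.author)}</p><p>${escapeHtml(c.body)}</p></section>`;
}

// Audit helper: ids of stored comments whose fields contain something the
// browser would parse as a tag if a template emitted them unencoded.
const TAG_LIKE = /<\/?[a-zA-Z][^>]*>/;
function findMarkupInStore(comments) {
  return comments
    .filter((c) => TAG_LIKE.test(c.author) || TAG_LIKE.test(c.body))
    .map((c) => c.id);
}

// Constructed sample store.
const storedComments = [
  { id: 1, author: "alice", body: "Great post, 2 < 3 & all that." },
  { id: 2, author: "bob", body: "<b>Hello World</b>" },
  { id: 3, author: "carol", body: "<script>alert(1)</script>" },
];

for (const c of storedComments) {
  console.log("unencoded:", renderCommentUnencoded(c));
  console.log("encoded:  ", renderCommentEncoded(c));
}
console.log("comments containing markup:", findMarkupInStore(storedComments));
```

Encoding happens at output rather than at storage, so comments already in the database are rendered safely once the template is fixed.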