This lab contains a stored XSS vulnerability in the comment functionality. First of all, what is stored XSS? Also known as persistent or second-order XSS, it occurs when attackers inject malicious scripts into web applications that permanently store user-generated input, such as comments, forum posts, or user profiles. It is more dangerous than reflected XSS because every user who visits that page gets the injected JavaScript code executed in their browser.
Let's get back to the lab. This one is also easy: the developer has put no defense in place. We inject the payload <script>alert(0)</script> in the comment section and see what we get.


Each time we visit the post page that has the comments, we get an alert(0) pop-up. The payload we injected was stored on the server, and everyone who visits that page will get the same pop-up alert.
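Why the stored comment runs, and the fix the lab is missing: the sketch below is an added example, not the lab's code, and its function names and sample comments are assumptions. It renders the same stored comments once by plain concatenation and once with HTML output encoding.

```javascript
// Added example, not the lab's code. All names here are hypothetical.
// Constructed sample data: one ordinary comment and the payload from the write-up.
const storedComments = [
  { author: "alice", body: "Nice post, thanks!" },
  { author: "tester", body: "<script>alert(0)</script>" },
];

// Vulnerable rendering: stored text is concatenated into the page as-is,
// so any markup in a comment becomes part of the HTML sent to every visitor.
function renderCommentsUnsafe(comments) {
  return comments
    .map((c) => `<section class="comment"><p>${c.author}</p><p>${c.body}</p></section>`)
    .join("\n");
}

// Characters that can change HTML context in element content or attributes.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened rendering: every stored field is encoded at output time, so the
// browser displays the comment as text instead of parsing it as markup.
function renderCommentsSafe(comments) {
  return comments
    .map((c) => `<section class="comment"><p>${escapeHtml(c.author)}</p><p>${escapeHtml(c.body)}</p></section>`)
    .join("\n");
}

console.log(renderCommentsUnsafe(storedComments));
console.log(renderCommentsSafe(storedComments));
```

The comment is stored unchanged in both cases; only the encoding at render time decides whether the browser treats it as text or as a script element.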
Thanks for reading.