Started with a standard html script tag "<script>alert('Reflected XSS')</script>", this script tag tells the browser to stop reading text and start running instruction, we use this to know that we have control and there's a XSS vulnerability, and this script is temporary and happens only when you send the request.

Next we use a script that keeps rerunning when then page reloads, thats what stored xss does. <script>alert('Stored Meow Meow')</script>

On the System log i can see i broke into the target without being noisy, Blue teamer have to review this system logs to see detection the bridge.