Trying out an XSS example

One of the most sought-after attacks by malicious users is a so-called persistent XSS attack. This means that the attacker not only manages to inject code into your web app, but that the injected code also remains there for an extended period of time. Most often, this is achieved by tricking the app into storing the malicious, injected code in a database and then running the code on a page on subsequent visits.

Note

In the following examples, we will break our application with specific inputs to our form. You will need to log in to the database on the VPS afterwards to manually clear these inputs, which leave our app in a broken state.

As our app currently stands, an attacker could carry out a persistent XSS attack by filling out the Category ...
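The store-then-render cycle described above, as an added illustration that is not the book's own code: a stand-in for the app's Category table, the two rendering paths (stored text emitted verbatim versus HTML-escaped, which is what Flask's default template autoescaping does), and a check a test suite can run over the rendered response. The function names, the in-memory SQLite table and the constructed marker payload are assumptions.

```python
import html
import sqlite3
from typing import Dict, List

# Constructed stand-in for the app's Category table: the name is stored
# verbatim, which is exactly what a persistent XSS payload relies on.
SCHEMA = "CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def add_category(conn: sqlite3.Connection, name: str) -> None:
    # Parameterised insert: SQL injection is not the issue here; the stored
    # text is attacker-controlled and is rendered again on every later visit.
    conn.execute("INSERT INTO category (name) VALUES (?)", (name,))


def list_categories(conn: sqlite3.Connection) -> List[str]:
    return [row[0] for row in conn.execute("SELECT name FROM category ORDER BY id")]


def render_unsafe(names: List[str]) -> str:
    # Concatenating stored text into HTML (or marking it |safe / Markup() in a
    # Jinja2 template) emits any stored markup live in the page.
    return "<ul>" + "".join(f"<li>{n}</li>" for n in names) + "</ul>"


def render_escaped(names: List[str]) -> str:
    # Flask's default autoescaping in templates: each value is HTML-escaped at
    # output time, so stored markup is displayed as text rather than executed.
    return "<ul>" + "".join(f"<li>{html.escape(n)}</li>" for n in names) + "</ul>"


def contains_raw_markup(page: str, marker: str = "<script") -> bool:
    # Cheap regression check: a stored value must never reach the response as
    # live markup. Case-folded so SCRIPT / Script are caught too.
    return marker in page.lower()


def demo(payload: str = "<script>marker()</script>") -> Dict[str, bool]:
    conn = open_db()
    add_category(conn, "Books")
    add_category(conn, payload)  # the persisted input: it survives every later visit
    names = list_categories(conn)
    return {
        "persisted": payload in names,                          # True
        "unsafe": contains_raw_markup(render_unsafe(names)),    # True
        "escaped": contains_raw_markup(render_escaped(names)),  # False
    }
```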
