O'Reilly logo

Mastering Modern Web Penetration Testing by Prakhar Prasad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Stored XSS

Stored or persistent XSS is a sub-type of XSS vulnerability and differs from reflected XSS by the fact that it is persistent in nature. It means that the payload, once inserted into a page, will stay and execute permanently on the page. This is sneakier than its reflected counterpart as most of the time the victim is simply unaware of the fact that a malicious code is running inside the affected website, making it a perfect choice for XSS worms. I hope some of you may be aware of the Samy worm which exploited a weak XSS filter in MySpace to create a persistent XSS scenario in which thousands of victims unknowingly executed the wormable JavaScript code, which further spread the code. Stored XSS vulnerability is pretty common in places ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required