Session Stealing (Stored XSS)

In this lab, you will learn how to attack a forum that has a Stored Cross-Site Scripting (XSS) vulnerability by posting a SCRIPT element through the forum's post form.

Outcomes:

In this lab, you will learn to: 

  1. Attack a PHP forum using a stored XSS vulnerability. 
  2. Steal a PHP session ID using a SCRIPT element within the form to post to a forum.  

 

Videos:

Before you start this lab, review these videos.

Reflecting Session IDs

Setting Up a Collection Server

Alice Logs In

Alice Gets Owned

Overview

The development of this document is funded by the Boston Area Advanced Technological Education Connections (BATEC) Grant No. NSF-0703097 through Bunker Hill Community College.

Stored XSS can be one of the more devastating types of XSS. A successful attack inserts content on the server side, and that content executes every time the web page is visited. In this lab, we will demonstrate session stealing through a stored XSS attack.

[Figure: Session Stealing through XSS Attack]

Key terms and descriptions

Cross-Site Scripting
Cross-Site Scripting (XSS) is a type of injection attack in which attacker-supplied script code is included in a web page and executed by the browser of a user who views that page.
Stored XSS
Stored XSS is the main focus of this lab and is both a client-side and server-side attack, whereby a PHP script receives data from an unverified source and includes that data within its later HTTP response.
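
The stored XSS pattern defined above, shown as an added example that is not the lab's own forum code: a rendering function that copies stored post data into the response unchanged, next to a version that encodes on output. The function names, the post array layout and the sample posts are assumptions made for illustration.

```php
<?php
// Added example: hypothetical forum rendering code, not the lab's source.

// Constructed sample: posts as they would sit in the forum's storage.
$posts = [
    ['author' => 'alice',   'body' => 'Hello, forum!'],
    ['author' => 'mallory', 'body' => '<script>/* attacker-controlled code */</script>'],
];

// Vulnerable: stored data is copied into the response unchanged, so any
// markup in a post becomes part of the page for every later visitor.
function render_post_vulnerable(array $post): string
{
    return '<div class="post"><b>' . $post['author'] . '</b>: ' . $post['body'] . "</div>\n";
}

// Hardened: encode on output so the browser treats stored data as text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_post_hardened(array $post): string
{
    return '<div class="post"><b>' . h($post['author']) . '</b>: ' . h($post['body']) . "</div>\n";
}

// Defence in depth for the session ID: HttpOnly keeps the session cookie
// out of reach of page scripts (document.cookie). Call before session_start().
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // send the cookie only over HTTPS
        'samesite' => 'Lax',
    ]);
}

// Render both variants so the difference in the emitted HTML is visible.
foreach ($posts as $post) {
    echo 'vulnerable: ', render_post_vulnerable($post);
    echo 'hardened:   ', render_post_hardened($post);
}
```

Output encoding closes the injection point itself; the HttpOnly flag only limits what an injected script can read, so it complements encoding rather than replacing it.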