Stored XSS is a vulnerability in which the attacker can execute arbitrary JavaScript code in the victim’s browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage.
I used :
instead of :
in the href attribute of the <a> tag to bypass the XSS checks happening in the application.
1 A low-priv user creates a page with the following payload:
<a href>CLICK HERE TO EXPLOIT THIS XSS</a>
2 The victim visits the page and clicks on CLICK HERE TO EXPLOIT THIS XSS
The XSS alert will show the domain name.
The attacker can execute arbitrary JavaScript code in the victim’s browser.