In this write-up, we presented and covered cross site scripting vulnerability both
reflected and stored using Mutillidae.

Reflected XSS
Reflected XSS is the kind of XSS that makes the browser returns an alert or cookie
back to the client. It’s not stored in the website database as Stored XSS is.
Common testing points for reflected XSS are input boxes and contact forms. In the
below figure, we have an input box that accepts a hostname.

Stored XSS
In stored XSS, the malicious javascript code gets stored in the website database
and doesn’t get reflected in a pop-up. This means we don’t need to send a crafted
URL to the target to steal their cookies. Whenever the target visits the page in
which we inserted the malicious JS, the payload will get executed each time a user
visits the vulnerable page.

Get OSCP Certificate Notes

 
About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles