Persistent XSS
The malicious string originates from the website’s database.
Example
- Imagine a web page with a comment form that has no XSS protection: anyone can submit any valid JavaScript through the form. An attacker inserts a malicious string, which the website stores in its database. The stored data would look like:

    latestComment: <script>// do malicious things</script>
- When a victim later visits the page, the website includes the malicious string from the database in the response and sends it to the victim's browser.

  The original website code would look like:

    <p>latest comment</p>
    <!-- server side generates the HTML for the comment -->
    <p>print database.latestComment</p>

  The page with the malicious comment included would then look like:

    <p>latest comment</p>
    <p><script>// do malicious things</script></p>

- The victim's browser executes the malicious script inside the response, doing malicious things such as sending the victim's cookies to the attacker's server.
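Added example (not part of the original note): a Python rendering of the two server-side versions above, with a constructed in-memory dictionary standing in for the real database. The hardened version HTML-escapes the stored comment at output time, so the same stored payload reaches the browser as inert text instead of a live script element.

```python
import html

# Constructed sample "database" row holding the payload from the note above.
FAKE_DB = {"latestComment": "<script>// do malicious things</script>"}


def render_comment_vulnerable(db):
    """Server-side rendering with no output encoding.

    This mirrors the note's '<p>print database.latestComment</p>': whatever
    is stored is copied straight into the HTML response.
    """
    return "<p>latest comment</p>\n<p>" + db["latestComment"] + "</p>"


def render_comment_safe(db):
    """Same template, but the stored value is HTML-escaped when it is output.

    html.escape turns < > & " ' into entities, so the browser renders the
    comment as text; the script tag is never parsed as markup.
    Escaping belongs here, at output time, regardless of what the form
    accepted when the comment was stored.
    """
    return ("<p>latest comment</p>\n<p>"
            + html.escape(db["latestComment"], quote=True)
            + "</p>")


def contains_script_element(markup):
    """Crude check for illustration only: does the response still carry a
    raw <script start tag (i.e. something the browser would execute)?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("vulnerable response:\n" + render_comment_vulnerable(FAKE_DB))
    print("hardened response:\n" + render_comment_safe(FAKE_DB))
```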