Stored HTML Injection
Unlike reflected HTML injection, stored HTML injection allows the injection of certain HTML tags that are saved by the web application and remain permanently inside it.
Exploitation
The web app takes the user's input and saves it in a table. Let's enter some text and submit it.
As you can see, our text was added as an entry. Since the app saves our input and reflects it back, it might be vulnerable to stored HTML injection if it doesn't sanitize user input. We can inspect the page further.
Let's try to inject an HTML link and see whether it is rendered as a link. We will submit this input: <a href=#>click here</a>.
As you can see, we were able to inject a link into the entry, which will remain permanently and will be seen by whoever visits the page.
Mitigations
- Filter metacharacters from user input.
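The following is an added example (not code from the original write-up) covering both the exploitation above and the mitigation: it renders stored entries the way the vulnerable app does, then renders them again with output encoding, and includes a small check that flags any tag in the rendered page that the template itself does not emit. The entry list and the template tag names are constructed for this demonstration.

```python
import html
import re
from typing import Iterable

# Constructed sample entries, including the link payload used in the write-up.
SAMPLE_ENTRIES = [
    "hello world",
    "<a href=#>click here</a>",
    '"quoted" & <b>bold</b>',
]


def render_vulnerable(entries: Iterable[str]) -> str:
    """Build the page the way the vulnerable app does: stored text is
    concatenated straight into the HTML, so injected tags survive as markup."""
    rows = "".join(f"<li>{e}</li>" for e in entries)
    return f"<ul>{rows}</ul>"


def render_safe(entries: Iterable[str]) -> str:
    """Same page, but every stored value is HTML-encoded at output time.
    html.escape turns < > & " ' into entities, so the browser shows the
    text literally instead of parsing it as a link or other element."""
    rows = "".join(f"<li>{html.escape(e, quote=True)}</li>" for e in entries)
    return f"<ul>{rows}</ul>"


# Matches opening and closing tags such as <a href=#> and </a>.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def injected_tags(page: str, template_tags=("ul", "li")) -> list[str]:
    """Detection check: return every tag in the rendered page whose name is
    not one the template emits. Anything else came from user-controlled data."""
    found = []
    for m in TAG_RE.finditer(page):
        name = re.match(r"<\s*/?\s*([a-zA-Z]+)", m.group(0)).group(1).lower()
        if name not in template_tags:
            found.append(m.group(0))
    return found


if __name__ == "__main__":
    print(injected_tags(render_vulnerable(SAMPLE_ENTRIES)))  # ['<a href=#>', '</a>', '<b>', '</b>']
    print(injected_tags(render_safe(SAMPLE_ENTRIES)))        # []
```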