From b76d181b47d23caeae2c1aaed7b677eb239cfb3d Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Fri, 27 Mar 2026 19:36:19 +0100 Subject: Add stored XSS solution --- Stored XSS/Resources/notes.md | 10 ++++++++++ Stored XSS/flag | 1 + 2 files changed, 11 insertions(+) create mode 100644 Stored XSS/Resources/notes.md create mode 100644 Stored XSS/flag (limited to 'Stored XSS') diff --git a/Stored XSS/Resources/notes.md b/Stored XSS/Resources/notes.md new file mode 100644 index 0000000..e628343 --- /dev/null +++ b/Stored XSS/Resources/notes.md @@ -0,0 +1,10 @@ +## Exploit + +1. At `http://10.0.2.15/?page=feedback` there is a form whose content can be input by users and that is not filtered in any way +1. Simply add a feedback with any name and a message containing an HTML script to execute, for example `` + +## Fix + +[https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting]() + +Never render untrusted HTML, JS, CSS or URLs without encoding/sanitization. diff --git a/Stored XSS/flag b/Stored XSS/flag new file mode 100644 index 0000000..c3b8286 --- /dev/null +++ b/Stored XSS/flag @@ -0,0 +1 @@ +0fbb54bbf7d099713ca4be297e1bc7da0173d8b3c21c1811b916a3a86652724e -- cgit v1.2.3
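Review bot: in `Stored XSS/Resources/notes.md`, the Fix section's link has an empty target (`[https://owasp.org/...]()`), so it renders as a link that goes nowhere; move the URL into the parentheses or leave it as a bare URL. In step 2 of the Exploit section the inline code span after "for example" is empty, so the note does not record what was actually submitted; if the markup was eaten by rendering, escape it so it survives. The closing Fix sentence would be more useful if it named where the encoding belongs on this page: the name and message fields of the feedback form at `?page=feedback`, HTML-encoded at the point they are written back into the response.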
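Review bot: `Stored XSS/flag` adds a single hash line, but neither of the two Exploit steps in `notes.md` says when or where that value is shown by the application, so a reader cannot connect the write-up to the flag. Add a third step to the Exploit list stating what the page returns after the feedback is submitted, and that the value is the one stored in `flag`.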