Ep-5: What is Persistent XSS

Table Of Contents

XSS Types

Persistent XSS

Persistent XSS vs Reflected XSS

Assignment Scenario

Assignment 1: Persistent XSS

  1. Try to obtain Persistent XSS within http://localhost:3000/#/contact
  2. Given the output in the Customer Feedback section, how is the application handling XSS attacks?
    • Within the context of this feature, why is this a bad practice?

Assignment 1: Persistent XSS (Answer)

  1. Instead of rejecting unexpected input, the application is sanitizing it
    • This is very difficult to implement properly
      • Hmm… How can this step be exploited?
  2. Alert
    • If input is unexpected, fully reject it
      • There is no reason why HTML markup should be placed within the Comment field
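As an added example (not Juice Shop's own code) of the "reject, don't sanitize" answer above: a small validator for a feedback comment that refuses any input containing tag or entity syntax, and an Express-style handler that returns 400 instead of storing a cleaned-up version. The function names, the pattern and the length limit are assumptions chosen for illustration.

```javascript
// Added example, not part of Juice Shop. Rejects HTML markup in a comment
// field outright rather than attempting to sanitize it.

const MAX_COMMENT_LENGTH = 160; // hypothetical limit for a feedback comment

// Anything that looks like the start of a tag, comment or processing
// instruction ("<b", "</b", "<!--", "<?") or an HTML entity ("&lt;", "&#60;").
// A plain "<" or "&" used as text (e.g. "a < b") is still allowed.
const MARKUP_PATTERN = /<\/?[a-zA-Z!?]|&#?[a-zA-Z0-9]+;/;

// Returns { ok: true, value } for an acceptable comment, otherwise
// { ok: false, reason }. Nothing is modified or "cleaned"; bad input is refused.
function validateComment(comment) {
  if (typeof comment !== "string") {
    return { ok: false, reason: "comment must be a string" };
  }
  const trimmed = comment.trim();
  if (trimmed.length === 0) {
    return { ok: false, reason: "comment is empty" };
  }
  if (trimmed.length > MAX_COMMENT_LENGTH) {
    return { ok: false, reason: "comment exceeds " + MAX_COMMENT_LENGTH + " characters" };
  }
  if (MARKUP_PATTERN.test(trimmed)) {
    return { ok: false, reason: "markup is not allowed in comments" };
  }
  return { ok: true, value: trimmed };
}

// Express-style handler: reject with 400 on validation failure, otherwise
// accept. Persisting the comment is left as a comment since storage is
// outside the scope of the example.
function feedbackHandler(req, res) {
  const result = validateComment(req.body && req.body.comment);
  if (!result.ok) {
    return res.status(400).json({ error: result.reason });
  }
  // store result.value here (DB call omitted)
  return res.status(201).json({ status: "accepted" });
}

// Convenience wrapper with a minimal stub of req/res so the handler can be
// exercised without a running server; returns { code, body }.
function runFeedback(comment) {
  const req = { body: { comment } };
  const res = {
    code: null,
    body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
  feedbackHandler(req, res);
  return { code: res.code, body: res.body };
}
```

The validator deliberately errs on the side of refusing input: a comment that contains "<b" or "&lt;" is far more likely to be an injection attempt than legitimate feedback, so the cost of a false rejection is low, while the cost of a sanitizer that misses one case is a stored script. Output encoding in the template remains a separate, complementary control.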

Assignment 2: XSS Sanitization Issues

Assignment 3: Information Leakage

  1. Through the browser, view Juice Shop's package.json
    • Unfortunately, this file is often easily available
    • Hint
      • app.use(express.static(applicationRoot))

Assignment 3: Information Leakage (Answer)

Assignment 4: Reconnaissance Through Npm Audit

  1. Upgrade npm to [email protected]+
  2. cd into the directory with the package.json
  3. npm i --package-lock-only
  4. npm audit > audit.txt
  5. What vulnerability within sanitize-html can be leveraged to exploit Assignment 2?

Assignment 4: Recon Through Npm Audit (Answer)

Assignment 5: Persistent XSS

Assignment 5: Persistent XSS (Answer)

Persistent XSS Summation