Lab: Stored XSS into HTML context with nothing encoded
This lab contains a stored cross-site scripting vulnerability in the comment functionality.
To solve this lab, submit a comment that calls the alert function when the blog post is viewed.
- Enter the following into the comment box: <script>alert(1)</script>
- Enter a name, email and website.
- Click "post comment".
- Go back to the blog.
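
Why the stored comment runs for every visitor, and the output encoding that stops it, shown as an added example that is not the lab's own code. The comment store, the field layout and all function names are assumptions made for illustration.

```javascript
// Added example: constructed in-memory comment store, not the lab's code.
const comments = [];

// Store the comment exactly as submitted; encoding happens at output time.
function postComment(name, website, body) {
  comments.push({ name, website, body });
}

// Encode the five characters that are significant in HTML text and
// in quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Nothing encoded": stored fields are concatenated straight into markup,
// so a stored <script> element is delivered to every viewer of the post.
function renderVulnerable(list) {
  return list
    .map((c) => `<section><p><a href="${c.website}">${c.name}</a></p><p>${c.body}</p></section>`)
    .join('\n');
}

// Hardened: every stored field is HTML-encoded before it is written out.
function renderEncoded(list) {
  return list
    .map((c) => `<section><p><a href="${escapeHtml(c.website)}">${escapeHtml(c.name)}</a></p><p>${escapeHtml(c.body)}</p></section>`)
    .join('\n');
}

// Review aid: does the rendered page contain a live script element?
function containsScriptElement(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample input: the comment from the steps above.
postComment('carlos', 'https://example.com', '<script>alert(1)</script>');
console.log('vulnerable render has <script>:', containsScriptElement(renderVulnerable(comments)));
console.log('encoded render has <script>:', containsScriptElement(renderEncoded(comments)));
console.log(renderEncoded(comments));
```

With encoding applied at render time, the browser displays the comment as literal text instead of parsing it as an element.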