Stored XSS on h2biz.net

I was surfing the internet when I came across this web portal http://www.h2biz.net which I found to be vulnerable to Reflected XSS.

The site http://www.h2biz.net/

So I attempted a Stored XSS, because I noticed a kind of message board.

I created a temporary email address to register on the website, then completed the registration phase.

[Screenshot: First Phase of Registration]

[Screenshot: Second Phase of Registration]

After this, I uploaded a profile picture downloaded from the internet and then published a buzz on the home page: finally I managed to inject my XSS attack vector.

[Screenshot: XSS payload]

Now, by refreshing the home page, the effect of the XSS is publicly visible and all users are affected.

[Screenshot: Stored XSS]

Of course the “danger” of a reflected or stored XSS vulnerability is the same: what changes is the scope of the attack. The link of a reflected XSS attack must be sent manually, hoping that the victim will click it and suffer the attack; in a stored XSS, on the other hand, it is enough for the victim to browse the infected webpage to suffer the attack. Potentially, many more victims can be attacked, and it is certainly much cooler.
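To make the difference concrete from the defender's side, here is an added example (not code from this post or from h2biz.net) of a minimal "buzz" feed renderer: the vulnerable form concatenates stored posts into the page unchanged, so any markup in one post reaches every visitor, while the hardened form escapes each value at output time in its HTML context and restricts the profile-picture URL scheme. The post data, the `/img/` paths and the test string are all constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample data: a legitimate post and one that smuggles markup into the feed.
SAMPLE_POSTS = [
    {"author": "alice", "avatar": "/img/alice.png", "text": "Hello h2biz!"},
    {"author": "mallory", "avatar": "javascript:void(0)", "text": "<script>/*constructed*/</script>"},
]

def safe_avatar_url(url: str) -> str:
    """Allow only relative, http or https avatar URLs; anything else falls back to a placeholder."""
    scheme = urlsplit(url).scheme.lower()
    if scheme in ("", "http", "https"):
        return url
    return "/img/default.png"  # hypothetical placeholder image path

def render_feed_vulnerable(posts) -> str:
    """The defect described in the post: stored text is written into the page unchanged."""
    return "".join(
        f'<li><img src="{p["avatar"]}"><b>{p["author"]}</b>: {p["text"]}</li>' for p in posts
    )

def render_feed_safe(posts) -> str:
    """Hardened rendering: escape at output time, per context (element text vs quoted attribute)."""
    items = []
    for p in posts:
        avatar = html.escape(safe_avatar_url(p["avatar"]), quote=True)  # quoted attribute context
        author = html.escape(p["author"])                                 # element text context
        text = html.escape(p["text"])                                     # element text context
        items.append(f'<li><img src="{avatar}"><b>{author}</b>: {text}</li>')
    return "".join(items)

def has_active_content(rendered: str) -> bool:
    """Cheap post-render check: did a script tag or a javascript: image URL reach the output?"""
    lowered = rendered.lower()
    return "<script" in lowered or 'src="javascript:' in lowered

if __name__ == "__main__":
    print("vulnerable:", has_active_content(render_feed_vulnerable(SAMPLE_POSTS)))  # True
    print("hardened:  ", has_active_content(render_feed_safe(SAMPLE_POSTS)))        # False
```

The escaping must happen when the page is rendered, not when the post is stored, so that the same stored text is safe in every context it is later written into.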

The owners of the website have now been notified of the vulnerability through my report.
