Lab Overview
This lab focused on exploiting a stored Cross-Site Scripting (XSS) vulnerability within an anchor tag's `href` attribute, where double quotes are HTML-encoded.

Lab Work
To begin, I loaded the lab and identified input fields that could be vulnerable to Cross-Site Scripting attacks.

Upon inspecting a blog post, I found a comment section with two potentially vulnerable input fields.

My first attempt involved injecting a simple alert payload into the comment field:

```
<script>alert(1)</script>
```

This payload did not yield the expected results, so I proceeded to test the URI field, targeting it with the following payload:

```
javascript:alert(1)
```

A Uniform Resource Identifier (URI) is a string used to identify resources such as webpages, files, or email addresses. Exploiting the URI field is a common technique for triggering XSS attacks.

Using Burp Suite, I intercepted the original request and modified it in the Repeater tool to inject the payload before resending the request.

The second payload successfully exploited the vulnerable URI field, resulting in the alert box appearing.


Conclusion
This lab demonstrated the importance of testing all input fields for potential vulnerabilities. I tested two fields: the comment section and the URI field. While the comment field did not result in a successful XSS attack, the URI field was vulnerable, and I was able to execute a stored XSS payload.
This vulnerability falls under the OWASP Top 10 A03: Injection category, specifically within the Cross-Site Scripting (XSS) subset. XSS vulnerabilities account for approximately 18% of reported security issues and remain a significant risk to web applications.

Mitigation Strategies
Ensuring robust input validation, output encoding, and HTML sanitization is essential for mitigating XSS vulnerabilities. Specifically:
All variables should undergo strict validation and sanitization before use.
Output encoding ensures that user input is safely rendered on the page.
Using tools like Content Security Policies (CSPs) can provide additional layers of protection.
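
The following added example (not the lab's own code; all function names are hypothetical) shows why encoding double quotes alone did not protect the `href` attribute, next to a hardened renderer that also allowlists the URL scheme. It uses the standard WHATWG `URL` parser so that case and whitespace variations of a scheme are normalized before the check.

```javascript
// Added illustration; function names are hypothetical, not the lab's code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-encode a value for use in element text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Weak form: output encoding only. Encoded quotes cannot close the href
// attribute, but the URL scheme is untouched, so a javascript: URL is
// stored and rendered as a working link.
function renderLinkEncodedOnly(website, author) {
  return `<a href="${escapeHtml(website)}">${escapeHtml(author)}</a>`;
}

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns the normalized absolute URL if its scheme is allowlisted,
// otherwise null. Parsing (rather than a string prefix test) applies the
// same scheme normalization a browser would (case, tabs, leading spaces).
function safeHref(website) {
  let parsed;
  try {
    parsed = new URL(String(website).trim());
  } catch {
    return null; // relative or malformed input is rejected
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Hardened form: validate the scheme first, then encode for the attribute.
// When validation fails, the author name is rendered as plain text.
function renderLinkHardened(website, author) {
  const href = safeHref(website);
  const name = escapeHtml(author);
  if (href === null) return name;
  return `<a href="${escapeHtml(href)}" rel="nofollow noopener">${name}</a>`;
}
```

Validation belongs at render time as well as at submission, so that values already stored before the fix are also covered.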