Stored XSS (Cross-Site Scripting) attacks are considered the most dangerous type. Normally, a Web application gathers information about a website visitor and stores the input in a data store, so it can be retrieved later and used. In a Stored XSS attack, an attacker injects their malicious code into the data store. Each visitor to the website will then run the malicious code and it will be executed on the client-side, with the security privileges of the client application. This means even if you close your browser or clear the cookies, the code may continue to be executed. The persistence of a Stored XSS attack makes it dangerous. In comparison, a Reflected XSS attack can often be resolved just by clearing your browser cookies or closing the browser session.

Rangeforce's Secure Coding Lab “Stored XSS” - OWASP Top 10 is a premium lab aimed to prepare you to use a Stored XSS attack as part of your investigation into a website that is being used to sell narcotics. You will be provided a scenario as an investigator and then will need to identify if the target is vulnerable to a Stored XSS attack. You will then write a script to receive the session cookie, port the script to the vulnerable log, and then obtain the moderator’s session ID. Once you have the session ID, you will use it to perform a session hijacking attack and impersonate the other user.