The following are the steps for detecting and exploiting this vulnerability in a web application:
- In the vulnerable virtual machine vm_1, go to Mutillidae II | Top 10 2013 | XSS | DOM | HTML5 local storage.
- This exercise shows a form that stores information in the browser's local and session storage. Enable the Developer Tools in the Network tab.
- Try adding some data and notice how there is no network communication, and that the green bar displays the value given to the key:
- If we inspect the Add New button, we see it calls a function, addItemToStorage, when clicked:
- Now, go to the Debugger tab and look for the addItemToStorage ...