xss-stored
Official
Exploit stored and blind XSS vulnerabilities.
Software Engineering #xss #penetration testing #web security #vulnerability exploitation #stored xss #blind xss
Author: blacklanternsecurity
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit stored (persistent) and blind Cross-Site Scripting (XSS) vulnerabilities in web applications, which can impact other users or administrators.
Core Features & Use Cases
- Stored XSS Identification: Detects input that is saved and rendered unsafely on subsequent page loads.
- Blind XSS Exploitation: Aids in exploiting XSS that fires in contexts the attacker cannot directly observe, such as admin panels.
- Payload Generation: Provides various payloads for different rendering contexts and bypasses.
- Use Case: A penetration tester finds a comment section where user input is stored and displayed to all visitors. They use this Skill to inject a payload that steals admin session cookies when an administrator views the comment.
Quick Start
Use the xss-stored skill to test for stored XSS in the user profile's 'bio' field by submitting a canary payload.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: xss-stored Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#xss-stored Please download this .zip file, extract it, and install it in the .claude/skills/ directory.