# Persistent XSS

Persistent XSS is JavaScript that is stored on the server and runs whenever the page containing it is loaded. It can occur when the server does not sanitise user data when it is **uploaded** to a page. It is commonly found on blog posts.

### OWASP Juice Shop Example

First, log in to the **admin** account.

We are going to navigate to the "**Last Login IP**" page for this attack.

It should say the last IP address is 0.0.0.0 or 10.x.x.x.

As it logs the 'last' login IP, we will now log out so that it logs the 'new' IP.

Make sure that Burp **intercept is on**, so it will catch the logout request.

We will then head over to the Headers tab where we will add a new header:

| Header         | Value                                     |
| -------------- | ----------------------------------------- |
| True-Client-IP | \<iframe src="javascript:alert(\`xss\`)"> |

Then forward the request to the server! When **signing back into the admin account** and navigating to the Last Login IP page again, we will see the XSS alert!

**Why do we have to send this Header?**

The True-Client-IP header is similar to the X-Forwarded-For header: both tell the server or proxy what the IP of the client is. Because the header value is not sanitised, we are able to perform an XSS attack.
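The missing checks, sketched as an added example (not Juice Shop's own code): validate the header as an IP literal before storing it, and HTML-encode the stored value when rendering it. All function names are hypothetical, and the sketch assumes the server saves the header value and later writes it into the Last Login IP page.

```javascript
// Added example, not Juice Shop code. Function names are hypothetical.
const net = require("net");

// Input side: accept True-Client-IP only if it parses as an IPv4/IPv6 literal.
// Otherwise fall back to the socket address, which a request header cannot set.
function clientIpFromRequest(headers, socketAddress) {
  const claimed = headers["true-client-ip"];
  if (typeof claimed === "string" && net.isIP(claimed.trim()) !== 0) {
    return claimed.trim();
  }
  return socketAddress;
}

// Output side: HTML-encode whatever was stored before placing it in markup,
// so a value that slipped past input validation is displayed, not executed.
function escapeHtml(value) {
  const map = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#39;", "`": "&#96;",
  };
  return String(value).replace(/[&<>"'`]/g, (ch) => map[ch]);
}

// The behaviour the walkthrough relies on: stored value concatenated as-is.
function renderLastLoginUnsafe(storedIp) {
  return "<td>" + storedIp + "</td>";
}

// Hardened rendering: same markup, encoded value.
function renderLastLoginSafe(storedIp) {
  return "<td>" + escapeHtml(storedIp) + "</td>";
}

// Constructed sample input: the header value from the table above.
const sampleHeaders = {
  "true-client-ip": '<iframe src="javascript:alert(`xss`)">',
};
const sampleSocketAddress = "10.0.0.5"; // constructed

console.log(clientIpFromRequest(sampleHeaders, sampleSocketAddress));
console.log(renderLastLoginUnsafe(sampleHeaders["true-client-ip"]));
console.log(renderLastLoginSafe(sampleHeaders["true-client-ip"]));
```

Either check alone stops this case; applying both covers values written to the store by other code paths.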

