What Is Persistent XSS?
Persistent XSS, also known as persistent cross-site scripting, is a way to inject code into a site's database. It occurs when areas of the code, called parameters, communicate with the database without doing proper security checks.
You might be thinking that this sounds a lot like SQL injection, and while there are similarities, there are also differences. We have one awesome example of persistent XSS art by a grey hat hacker we interviewed. He demonstrated how he put pages onto a site that wasn't his, allowing file uploads among other things. XSS can be a method of delivering malicious code into a site or, for non-malicious purposes, of creating harmless pop-ups.
What Is the Difference Between SQL Injection and Persistent XSS?
Persistent XSS can end up stored in a database, adding code, but the use cases are different. XSS can add malware onto your device or trick you into submitting data through a form, among other things. SQL injections, as detailed above, are more focused on stealing straight from the database.
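The sketch below is an added example, not code from the original page. It stores a comment with a parameterized query, which is the standard SQL injection defence, and shows that the stored markup still reaches visitors unless it is HTML-encoded on output. The `comments` table, the function names and the sample comment are assumptions made up for illustration.

```python
import html
import sqlite3

# Constructed sample input: a comment carrying markup for a harmless pop-up.
SAMPLE_COMMENT = "<script>alert('hi')</script>"


def make_db():
    """In-memory database with a hypothetical 'comments' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return db


def save_comment(db, body):
    # Parameterized query: the value cannot change the SQL statement,
    # so this is safe against SQL injection. The text is still stored verbatim.
    db.execute("INSERT INTO comments (body) VALUES (?)", (body,))
    db.commit()


def render_unsafe(db):
    # Vulnerable: stored text is pasted into the page as-is, so any markup
    # in it becomes part of the HTML every visitor's browser receives.
    rows = db.execute("SELECT body FROM comments ORDER BY id").fetchall()
    return "<ul>" + "".join(f"<li>{body}</li>" for (body,) in rows) + "</ul>"


def render_safe(db):
    # Hardened: HTML-encode on output so the browser displays the text
    # instead of interpreting it as markup.
    rows = db.execute("SELECT body FROM comments ORDER BY id").fetchall()
    items = "".join(f"<li>{html.escape(body)}</li>" for (body,) in rows)
    return "<ul>" + items + "</ul>"


if __name__ == "__main__":
    db = make_db()
    save_comment(db, SAMPLE_COMMENT)
    print("unsafe:", render_unsafe(db))
    print("safe:  ", render_safe(db))
```

The database row is identical in both cases; only the rendering step decides whether the browser treats the stored comment as text or as script.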