How the Stored XSS Attack Works
- An attacker needs to set up a rogue shopping site or hijack a legitimate shopping site
- The attacker then modifies the "CheckOut" button with a URL designed to exploit the XSS vulnerability
- Whenever PayPal users browse the malformed shopping website and click the "CheckOut" button to pay with their PayPal account, they are redirected to the Secure Payments page
- The page actually displays a phishing page where the victims are asked to enter their payment card information to complete the purchase
- On clicking the Submit Payment button, instead of paying the product price (let's say $100), the PayPal user pays the attacker an amount of the attacker's choice