CompTIA PenTest+ PT0-002 Practice Question
A penetration tester is evaluating a website to determine if it is vulnerable to cross-site scripting attacks. During their assessment, they find that the website allows users to post comments which are then viewable by other visitors without any input sanitization. Which type of payload would be MOST effective for establishing a persistent cross-site scripting attack?
Local JavaScript file inclusion that would execute the payload from the user's device
Self-executing script that activates once but requires a page refresh to execute again
URL manipulation to reflect malicious code execution only once
Script inclusion that stores malicious code in the website’s database