In the previous examples, you have seen the use of the GET method to deliver a malicious link to the victim or to store the payload in the server. Although it may require a more elaborate setup to attack in real life, XSS attacks using POST requests are also possible.
As the POST parameters are sent in the body of the request and not in the URL, an XSS attack using this method would require the attacker to convince the victim to browse to a site controlled by the attacker. This will be the one sending the malicious request to the vulnerable server, which will thus respond to the user, as shown in the following diagram:
Other XSS attack vectors
Form parameters sent by the POST or GET methods are not the only ones used for XSS attacks. Header values such as User-Agent, Cookie, Host, and any other header whose information is reflected to the client are also vulnerable and susceptible to XSS attacks, even through the OPTIONS or TRACE methods. As penetration testers, you need to test completely all components of the request that are processed by the server and reflected back to the user.
Form parameters sent by the POST or GET methods are not the only ones used for XSS attacks. Header values such as User-Agent, Cookie, Host, and any other header whose information is reflected to the client are also vulnerable and susceptible to XSS attacks, even through the OPTIONS or TRACE methods. As penetration testers, you need to test completely all components of the request that are processed by the server and reflected back to the user.