Stored XSS is the most dangerous type of cross site scripting due to the fact that the user can be exploited just by visiting the web page where the vulnerability occurs.Also if that user happens to be the administrator of the website then this can lead to compromise the web application which is one of the reasons that the risk is higher than a reflected XSS.
(1)First I recommended you to view “How to fiind xss in website?” here.
(2)Open terminal & type following code in terminal.
(3)Now select option 1 which is Social-Engineering Attacks.
(4)Select option 2 which is website attack vector.
(5)Select option 3which is Java Applet Attack Method.
(6)Select option 1 web -templetes.
(7)Select option 1 java Required.
(8)Now we will select payload & encoder. So we select simple Windows Reverse_TCP Meterpreter & shikata_ga_nai encoding.
(9)Put listener port:443 . Now metasploit will open.
(12)After a while the user will notice a pop-up box that it will ask him if he wants to run the Java applet.
(13)If the user press on the Run button the malicious code will executed and it will return us a shell.
(14)sessions -i 1