What Is A “Blind” XSS
Blind XSS (BXSS) is a type of Persistent XSS attack in which the hacker ‘blindly’ targets web pages that store user input in a database (blogs, forums, contact forms, login pages, and so on). BXSS and Persistent XSS are nearly identical in terms of target, goal and the payload stored; the difference lies in how the attack is executed.
In BXSS, the hacker fires payloads into the vulnerable sites, but doing this manually is cumbersome. The process can be automated with XSS security tools such as XSS Hunter, which finds XSS vulnerabilities on web pages, automatically creates payloads for those vulnerabilities and even correlates injection attempts. The hacker does not expect to see any immediate response or sign that the attack worked; they do not even know whether the payload was stored in the same web application, or whether it was stored at all. Hence the “Blind” in Blind XSS.
BXSS sometimes targets site administrators, because the malicious script is commonly either sanitized before being served to everyday site visitors or served by a different web application. Site admins and moderators who use a management web session to load that content for administrative tasks may find themselves executing the malicious code in the admin interface.
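The split described above, where the public view escapes stored input but a separate admin view renders it raw, is illustrated by the following added example (not code from the original article). The rows, field names and template functions are constructed for the illustration; the marker payloads are harmless `alert` calls.

```python
import html
from typing import Callable, Dict, List, Tuple

Row = Dict[str, object]

# Constructed sample rows, as a database-backed contact form might store them.
# Row 2 carries a harmless marker payload of the kind a blind XSS probe stores;
# the submitter never sees either page render it.
STORED_MESSAGES: List[Row] = [
    {"id": 1, "author": "alice", "body": "Question about my order."},
    {"id": 2, "author": "<script>alert('bxss')</script>",
     "body": "<img src=x onerror=alert(1)>"},
]

def render_public(row: Row) -> str:
    """Visitor-facing view: output is HTML-escaped, so the payload is inert here."""
    return (f"<p><b>{html.escape(str(row['author']))}</b>: "
            f"{html.escape(str(row['body']))}</p>")

def render_admin_vulnerable(row: Row) -> str:
    """Separate moderation UI that trusts 'already stored' data and renders it
    raw. This is the admin-side sink the article describes: the script runs in
    the moderator's browser, not the submitter's."""
    return f"<tr><td>{row['id']}</td><td>{row['author']}</td><td>{row['body']}</td></tr>"

def render_admin_fixed(row: Row) -> str:
    """Hardened moderation UI: escape every field at the point of output,
    regardless of which application stored the value."""
    return ("<tr>" + "".join(f"<td>{html.escape(str(row[k]))}</td>"
                             for k in ("id", "author", "body")) + "</tr>")

MARKUP_CHARS = set("<>\"'&")

def find_unescaped_fields(rows: List[Row],
                          render: Callable[[Row], str]) -> List[Tuple[int, str]]:
    """Regression check for any template: a stored value containing markup
    characters must never reach the rendered page verbatim."""
    findings = []
    for row in rows:
        out = render(row)
        for field, value in row.items():
            value = str(value)
            if MARKUP_CHARS & set(value) and value in out:
                findings.append((int(row["id"]), field))
    return findings

if __name__ == "__main__":
    print(find_unescaped_fields(STORED_MESSAGES, render_admin_vulnerable))
    print(find_unescaped_fields(STORED_MESSAGES, render_admin_fixed))
```

Running `find_unescaped_fields` against every template in a code base, not just the public one, is the kind of check that catches the admin-only sink before a moderator's browser does.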
Credit: thecybersecurityman