Unrestricted Upload of File with Dangerous Type in polonel/trudesk
Jun 20th 2021
trudesk is vulnerable to arbitrary file upload. The app is allowing upload files, such as
text/html. Consequently, It is possible to exploit XSS.
🕵️♂️ Proof of Concept
- Create a ticket.
- Access the ticket created and upload an HTML file which contains
<img src onerror=alert(document.domain)>.
- Access the HTML file uploaded.