XSS via filename in neorazorx/facturascripts
May 13th 2022
XSS using filename
Proof of Concept
1. First download this file https://github.com/ranjit-git/poc/blob/master/xss%22'%3E%3Cimg%20src%3Dx%20onerror%3Dalert(123)%3E.jpeg to your system. Don't change the filename.
A file named xss"'><img src=x onerror=alert(123)>.jpeg will be created on a Linux system. On Windows it's not possible.
2. Upload this file to https://localhost/ListAttachedFile and save it. Now the XSS is executed.
Whenever any user tries to view this file, the XSS is executed.
XSS is used to steal the victim's cookie.
I was unable to reproduce the error. The file is moved to the MyFiles folder by replacing the original name with an id, and the original name is stored in the database with the html escaped.
@maintainer VIDEO POC: https://drive.google.com/file/d/1osDlRLN2xQqUQBQjTX1mBpbmuJs0WY1v/view?usp=sharing
Thank you very much for the demonstration. I have fixed the bug and added a test to avoid regressions.
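The two controls discussed in this thread, storing the upload under a generated id and HTML-encoding the original name when it is displayed, shown as an added example that is not FacturaScripts code. The function names and the extension allow-list are assumptions made for illustration; the sample name is the one from the report.

```php
<?php
declare(strict_types=1);

// Sample input: the file name used in the report's proof of concept.
$uploadedName = 'xss"\'><img src=x onerror=alert(123)>.jpeg';

/**
 * Hypothetical helper: build the on-disk name from a generated id plus an
 * allow-listed extension, so nothing else from the client-supplied name
 * reaches the file system.
 */
function storageName(string $originalName, array $allowedExt = ['jpg', 'jpeg', 'png', 'pdf']): string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Unsafe rendering: the original name is concatenated into markup as-is. */
function renderUnsafe(string $originalName): string
{
    return '<td>' . $originalName . '</td>';
}

/** Safe rendering: the name is encoded for an HTML context at output time. */
function renderSafe(string $originalName): string
{
    return '<td>' . htmlspecialchars($originalName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

$disk = storageName($uploadedName);
echo 'stored as: ', $disk, PHP_EOL;
echo 'unsafe:    ', renderUnsafe($uploadedName), PHP_EOL;
echo 'safe:      ', renderSafe($uploadedName), PHP_EOL;

// Regression-style checks: no raw tag survives encoding, and the stored
// name contains only the generated id and the allow-listed extension.
if (strpos(renderSafe($uploadedName), '<img') !== false) {
    throw new RuntimeException('file name was not encoded');
}
if (preg_match('/^[0-9a-f]{32}\.jpeg$/', $disk) !== 1) {
    throw new RuntimeException('unexpected storage name');
}
```

Encoding at the point of output covers every view that prints the name, including ones added after the upload path was written.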