XSS via filename in neorazorx/facturascripts
May 13th 2022
XSS using filename
Proof of Concept
1. First download this file https://github.com/ranjit-git/poc/blob/master/xss%22'%3E%3Cimg%20src%3Dx%20onerror%3Dalert(123)%3E.jpeg to your system. Don't change the filename.
The file xss"'><img src=x onerror=alert(123)>.jpeg will be created on a Linux system. On Windows this is not possible.
2. Upload this file to https://localhost/ListAttachedFile and save it. Now the XSS is executed.
Whenever any user tries to view this file, the XSS is executed.
The XSS can be used to steal the victim's cookie.
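
The root cause described above is a client-supplied filename reaching HTML without encoding. The following is an added example, not FacturaScripts code and not the project's actual fix: it shows the vulnerable output pattern next to two mitigations, escaping on output and normalizing the name at upload time. The helper names safe_stored_name and html_filename and the allow-list policy are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from FacturaScripts.

/** Build the name to store for an upload (assumed policy: character allow-list). */
function safe_stored_name(string $clientName): string
{
    // Drop any directory part the client supplied.
    $base = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $stem = pathinfo($base, PATHINFO_FILENAME);

    // Keep letters, digits, dot, dash and underscore; collapse anything else to "_".
    $stem = trim(preg_replace('/[^A-Za-z0-9._-]+/', '_', $stem), '._');
    $ext  = preg_replace('/[^a-z0-9]/', '', $ext);

    if ($stem === '') {
        $stem = 'file'; // nothing usable left in the client name
    }
    return $ext === '' ? $stem : $stem . '.' . $ext;
}

/** Encode a filename for an HTML text node or a quoted attribute value. */
function html_filename(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The filename from the report, as the browser sends it in the upload request.
$uploaded = 'xss"\'><img src=x onerror=alert(123)>.jpeg';

// Vulnerable pattern: the raw name is concatenated into markup,
// so the <img> tag inside the name becomes a live element.
$vulnerable = '<td>' . $uploaded . '</td>';

// Mitigation 1: encode on output, which also covers names already stored.
$escaped = '<td>' . html_filename($uploaded) . '</td>';

// Mitigation 2: normalize at upload so the stored name carries no markup characters.
$stored = safe_stored_name($uploaded);

echo $vulnerable, PHP_EOL, $escaped, PHP_EOL, $stored, PHP_EOL;
```

Output encoding is the control that closes the issue; upload-time normalization is defence in depth and does nothing for filenames that were stored before it was introduced.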