Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager


Reported on

Apr 16th 2021

✍️ Description

A cross-site scripting bug exists via file upload.

🕵️‍♂️ Proof of Concept

  1. Upload a file and capture the request in Burp Suite.
  2. Now change the fullpath parameter value to an XSS payload in Burp Suite and forward the request, and see that the XSS is executed.

Video PoC

💥 Impact

XSS attack via file upload

Prasath Mani
2 years ago


Issue fixed
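
A defensive sketch for the issue reported above, added here as an example; it is not tinyfilemanager's code and not the maintainer's fix. The report does not say where the fullpath value is echoed, so this assumes it can reach HTML output on both the success and the error path; `validate_fullpath()` and `html()` are hypothetical helper names.

```php
<?php
// Added example: treat the client-supplied `fullpath` upload field as
// untrusted. Validate it before use, and encode it wherever it is echoed.

/** Return a normalized relative path, or null if the value is rejected. */
function validate_fullpath(string $raw): ?string
{
    // Control characters (including NUL) never belong in a path.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $segments = [];
    foreach (explode('/', str_replace('\\', '/', $raw)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;               // collapse "//" and "./"
        }
        if ($seg === '..') {
            return null;            // no directory traversal
        }
        // Allow-list: letters, digits, space, dot, underscore, parens, hyphen.
        // Markup characters (< > " ' &) fail this check. Invalid UTF-8 makes
        // preg_match return false, which is also treated as a rejection.
        if (!preg_match('/^[\p{L}\p{N} ._()\-]+$/u', $seg)) {
            return null;
        }
        $segments[] = $seg;
    }
    return $segments ? implode('/', $segments) : null;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values for the fullpath field.
$samples = ['docs/report 2021.pdf', '<script>alert(1)</script>', '../../secret.txt'];

foreach ($samples as $raw) {
    $path = validate_fullpath($raw);
    // The rejection message reflects the raw value, so it is encoded too.
    echo $path !== null
        ? 'Stored as: ' . html($path)
        : 'Rejected path: ' . html($raw), PHP_EOL;
}
```

Validation alone is not the fix: the rejected value is still reflected in the error message, so output encoding is what prevents the markup from being interpreted.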
