Stored XSS due to Unrestricted File Upload in star7th/showdoc
Mar 13th 2022
Stored XSS via uploading files in
Proof of Concept
Steps to Reproduce
1.Login into showdoc.com.cn.
2.Navigate to file library (https://www.showdoc.com.cn/attachment/index)
3.In the File Library page, click the Upload button and choose the poc.aspx
4.After uploading the file, click on the check button to open that file in a new tab.
XSS will trigger when the attachment is opened in a new tab.
An attacker can perform social engineering on users by redirecting them from a real website to a fake one. a hacker can steal their cookies etc.
This is a PHP service and will not execute ASPX files. So it doesn't affect.
No, I tried, and it was implemented.