Also, I stumbled across an old blog post by RSnake where it was possible to execute XSS on an upload function.
http://ha.ckers.org/blog/20070603/image-upload-xss/
http://pstgroup.blogspot.com/2007/06/tipsimage-upload-xss.html
An example of something you might test for:
So you upload this file:
http://ha.ckers.org/image-xss/"onerror="alert('XSS')"a=".jpg
This ends up making the page look like:
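As an added example (not code from the original post), the Python sketch below shows what happens when a page writes a file name like the one above into an `<img src="...">` attribute without encoding, next to an attribute-encoded version. The `/uploads/` path, the templates and the function names are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser

# File name as given in the post; everything else here is constructed.
FILENAME = '"onerror="alert(\'XSS\')"a=".jpg'


def render_unsafe(name):
    # Vulnerable: the user-controlled name is concatenated into the attribute.
    return '<img src="/uploads/' + name + '">'


def render_safe(name):
    # Hardened: attribute-encode the name (quote=True also encodes " and ').
    return '<img src="/uploads/' + html.escape(name, quote=True) + '">'


class ImgAttrs(HTMLParser):
    """Records the attributes of each <img> tag as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.seen.append(dict(attrs))


def parsed_attrs(markup):
    parser = ImgAttrs()
    parser.feed(markup)
    parser.close()
    return parser.seen[0]


def has_event_handler(markup):
    # Check for reviewing rendered output: any on* attribute on the tag.
    return any(key.startswith("on") for key in parsed_attrs(markup))


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        markup = render(FILENAME)
        print(render.__name__, markup, parsed_attrs(markup), sep="\n  ")
```

In the unencoded case the quote in the file name closes `src` early and the rest is parsed as separate attributes; in the encoded case the whole name stays inside `src`.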
The Hacka Man
Saturday, 17 November 2007
Image upload xss
05.34