[TIL] - Day 1 XSS [ Failed ]

The application allowed uploading files via drag/drop and the file explorer. While appending the filename to the DOM, it wasn't sanitizing the filename, which allowed XSS using the filename, i.e. .html. Since the type of XSS is self here, it means the user had to upload such files with a malicious name to trigger the XSS, which is no fun. So I tried exploring other ways to make the user upload a filename with an XSS payload to ..

2022. 8. 2.