XSS Payload via Unrestricted File Extension Upload

Zakkir
2 min readDec 15, 2020

Hello guys, hope everyone is doing well. I would like to share one of my findings from recent days.

What is Cross-Site Scripting (XSS)? How do attackers make use of it?

Basically, Cross-Site Scripting is a script-injection vulnerability present on websites. If a website is vulnerable to XSS, an attacker can use the vulnerability to exploit users visiting the vulnerable site; the attacker can also send a link carrying an encoded payload to a victim through any delivery channel and trick the user into clicking or hovering over the link.

How did I achieve XSS using file upload?

In the initial phase, I tried to upload files with multiple file extensions (.php, .docx, .xlsx, etc.), but I could not make it work because the developer had blacklisted those file extensions.

After a few attempts, I once again tried to upload a file with the “.html” extension, one I had originally created for CSRF. Finally, the HTML file was uploaded successfully.

(Screenshots: upload request and response)

Then I simply traversed to the location of the uploaded file (XSS.HTML) from the main page, and the magic happened.

(Screenshot: final output)

Remediation:

Restrict the file types accepted for upload: check the file extension and only allow certain file types to be uploaded.

A whitelist approach should be used instead of a blacklist. Check for double extensions such as .php.png.html.php, etc. Change the permissions on the upload folder so the files within it are not executable.
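An allow-list check of the kind the remediation describes, as an added example that is not code from the post or from the affected application; the accepted extension set, the function names and the storage layout are assumptions made for this example. It refuses any name whose trailing dotted segments are not all allow-listed (so `XSS.HTML` and `shell.php.png` are both rejected), stores the content under a server-generated name, and clears the execute bits.

```python
import os
import secrets
import tempfile

# Assumed allow-list for this example: only images and PDFs are accepted.
# Everything else (including .html, .php, .docx, .xlsx) is rejected by default.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}


def validate_upload_name(filename: str):
    """Return the accepted extension (lowercase), or None if the name is rejected.

    Every dotted segment after the base name must itself be allow-listed, so
    'xss.html', 'shell.php.png', 'a.png.html.php' and 'report.backup.pdf' are
    rejected, while 'photo.PNG' is accepted as 'png'.
    """
    # Drop any directory part the client supplied (either separator).
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not base or base.startswith(".") or "\x00" in base:
        return None
    segments = base.lower().split(".")
    if len(segments) < 2:
        return None  # no extension at all: refuse rather than guess a type
    trailing = segments[1:]
    if all(seg in ALLOWED_EXTENSIONS for seg in trailing):
        return trailing[-1]
    return None


def store_upload(upload_dir: str, filename: str, data: bytes) -> str:
    """Validate the name, write the data under a random server-chosen name with
    non-executable permissions, and return the stored path.
    Raises ValueError when the client-supplied name is rejected."""
    ext = validate_upload_name(filename)
    if ext is None:
        raise ValueError(f"rejected upload name: {filename!r}")
    stored = f"{secrets.token_hex(16)}.{ext}"  # client name never reaches disk
    path = os.path.join(upload_dir, stored)
    # Create-only (O_EXCL) with mode 0o644: owner read/write, no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # enforce explicitly in case the umask changed the bits
    return path


if __name__ == "__main__":
    target_dir = tempfile.mkdtemp()  # constructed scratch directory for the demo
    print("stored:", store_upload(target_dir, "photo.PNG", b"constructed sample"))
    for bad in ("XSS.HTML", "shell.php.png", "a.png.html.php", "notes"):
        print(bad, "->", validate_upload_name(bad))
```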


Zakkir

Security Analyst & Engineer, Threat Researcher, Threat Hunter, Advisory Threat Emulator