Stored XSS on google.com
The web application allows file uploads, and the upload accepts files that contain HTML content. Because HTML files get through, an XSS payload can be embedded in the uploaded file. Let's see the PoC.
Vulnerable URL: https://www.google.com/producer
Vulnerability: File Upload XSS
Below are the steps to reproduce the XSS vulnerability:
- Go to https://www.google.com/producer and complete the registration and login process.
- Select 'Create new design' and choose any option such as 'Logo' or 'Photo collage'.
- Go to the 'Uploads' option and click 'Upload your own image'.
- Create an HTML file containing the XSS payload
  "> <img src = x onerror = prompt (document.domain)>
  and name it scope.png / scope.jpeg so it passes as an image.
- Upload this file on https://www.google.com/producer
The consequences of unrestricted file upload can vary, up to and including complete system takeover.
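The root cause above is that the upload trusted the file extension alone. As an added example (my own code, not Google's), here is the server-side check a defender would put in front of such an upload endpoint: the declared extension must be on an allow-list and the file's leading bytes must match that format's signature, and anything stored is served with headers that stop a browser from ever rendering it as a document. Function and header choices are mine; the sample inputs are constructed.

```python
# Added example: reject an HTML file that was renamed to scope.png, and
# serve stored uploads so that a browser cannot treat them as HTML.

# Leading-byte signatures for the image formats we allow.
MAGIC = {
    "png":  b"\x89PNG\r\n\x1a\n",
    "jpg":  b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif":  b"GIF8",
}
CONTENT_TYPES = {"png": "image/png", "jpg": "image/jpeg",
                 "jpeg": "image/jpeg", "gif": "image/gif"}


def validate_image_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept only if the extension is allowed AND the bytes really start
    with that format's signature. Returns (ok, content_type_or_reason)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        return False, "extension not allowed"
    if not data.startswith(MAGIC[ext]):
        # This is the case in the write-up: HTML text saved as .png.
        return False, "content does not match extension"
    return True, CONTENT_TYPES[ext]


def download_headers(content_type: str, stored_name: str) -> dict:
    """Headers for serving a stored upload. Even a polyglot that passed the
    signature check cannot run script in the site origin: the type is fixed,
    sniffing is disabled, the file is offered as a download, and the CSP
    sandbox isolates it if it is ever opened inline."""
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    # Constructed samples: the write-up's payload renamed to .png, and a
    # minimal byte string carrying a genuine PNG signature.
    html_as_png = b'"> <img src = x onerror = prompt (document.domain)>'
    real_png = MAGIC["png"] + b"\x00" * 16
    print(validate_image_upload("scope.png", html_as_png))   # rejected
    print(validate_image_upload("scope.png", real_png))      # accepted
    print(download_headers("image/png", "scope.png"))
```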
Have a happy cross site scripting 😃
05/03/2019 ~ Vulnerability reported
06/03/2019 ~ Bug validated
07/03/2019 ~ Patched / Fixed (Bounty rewarded ****)