XSS Via File Upload
February 02, 2022
When testing file upload functionality, there are multiple ways to execute a cross-site scripting attack scenario. File upload is a serious opportunity to find cross-site scripting (XSS) in a web application. Below are a few ways to achieve XSS via file upload:
1. XSS via Filename
2. XSS via Metadata
3. XSS via SVG file
4. Blind XSS via SVG
Reproduction steps, along with details of all the above methods, can be found in one place in this awesome blog by Brutelogic. Check out the script to get Blind XSS via SVG file here.
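A defensive check for the vectors listed above, added here as an example and not taken from the original post or the Brutelogic blog: it HTML-escapes filenames and metadata values before they are echoed into a page, and flags active content in an uploaded SVG. The function names and sample inputs are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET

# Elements that can run or embed active content inside an SVG document.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}

# Constructed sample uploads (inert placeholders, not real payloads).
SAMPLE_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
SAMPLE_ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="/* placeholder */">'
                 b'<script>/* placeholder */</script></svg>')

def render_untrusted(text: str) -> str:
    """Escape a filename or metadata value before echoing it into HTML."""
    return html.escape(text, quote=True)

def local(name: str) -> str:
    """Strip an ElementTree namespace prefix of the form {uri}name."""
    return name.rsplit("}", 1)[-1]

def svg_findings(data: bytes) -> list:
    """Return reasons to reject an uploaded SVG; an empty list means none found."""
    upper = data.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["DTD/entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif name == "href" and value.strip().lower().startswith(("javascript:", "data:")):
                findings.append(f"script-capable URL in {name} on <{tag}>")
    return findings

if __name__ == "__main__":
    print(render_untrusted('a"b<i>.png'))
    for label, sample in (("clean", SAMPLE_CLEAN), ("active", SAMPLE_ACTIVE)):
        print(label, svg_findings(sample))
```

This is a denylist check, so treat a clean result as one signal rather than proof the file is safe. Serving uploads from a separate origin with `Content-Disposition: attachment` limits the impact of anything the check misses.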