File Upload Restriction Bypass leading to Stored XSS Vulnerability
Discription

# Description
File Upload Restriction Bypass leading to Stored XSS Vulnerability, by leveraging file extension **vbhtm, vbhtml, soap, even any extension ends with html (e.g. aahtml, bbhtml)**

# Proof of Concept
Step 1) Access https://www.showdoc.com.cn/attachment/index

Step 2) Prepare a file with content below and named as xss.vbhtm to upload

Step 3) Click check

XSS will be triggered
![image](https://user-images.githubusercontent.com/21979646/158064002-eebada17-7500-46e3-ae33-3a837d813c1f.png)
# Impact
An attacker could leverage this to perform social engineering and thereby stealing victim’s cookie etc.Read More

4.3 Medium

CVSS2

  • Access Vector
  • Access Complexity
  • Authentication
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact
  • Network
  • Medium
  • None
  • None
  • Partial
  • None

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

  • Attack Vector
  • Attack Complexity
  • Privileges Required
  • User Interaction
  • Scope
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact
  • Network
  • Low
  • None
  • Required
  • Changed
  • Low
  • Low
  • None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Back to Main
Subscribe for the latest news: