Wednesday, 19 November 2014

[image filename self-XSS] imgur [reported, unfixed]

This is a self-XSS I discovered in the famous image uploader imgur.com.
Steps to reproduce:
1. Take any image you have on your system, for example "cats.png".
2. Go to the terminal and rename it. I used: mv 'cats.png' '"><svg onload=prompt(document.domain)>.png'
3. Upload the renamed image.
4. XSS!

Kind regards.
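
The fix for this class of bug, as an added example that is not part of the original post and is not imgur's code: the file name has to be HTML-escaped before it is written into the page. The markup shape and the function names (`renderUnsafe`, `renderSafe`, `escapeHtml`, `countTags`) are hypothetical, and it is an assumption that the name lands in an attribute and a text node.

```javascript
// Added example: hypothetical upload-preview renderer, not imgur's code.
// Assumption: the uploaded file's name is echoed into an attribute and a text node.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the file name is concatenated into markup as-is,
// so a leading "> closes the attribute and the tag.
function renderUnsafe(fileName) {
  return '<div class="preview"><img alt="' + fileName + '"><span>' + fileName + '</span></div>';
}

// Hardened form: the file name is escaped before it reaches the markup.
// In the browser, element.textContent and element.setAttribute give the
// same result without building HTML strings at all.
function renderSafe(fileName) {
  const safe = escapeHtml(fileName);
  return '<div class="preview"><img alt="' + safe + '"><span>' + safe + '</span></div>';
}

// Count start tags of a given element name in the produced markup.
function countTags(html, tag) {
  const re = new RegExp('<' + tag + '[\\s>]', 'gi');
  return (html.match(re) || []).length;
}

// File name taken from step 2 of the post.
const fileName = '"><svg onload=prompt(document.domain)>.png';

console.log('unsafe:', renderUnsafe(fileName));
console.log('  svg elements introduced:', countTags(renderUnsafe(fileName), 'svg'));
console.log('safe:  ', renderSafe(fileName));
console.log('  svg elements introduced:', countTags(renderSafe(fileName), 'svg'));
```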
