4shared.com, Multiupload, Fileserve, Speedyshare..... – XSS
On Monday, 18 Jul 2011, in topic 'Vulnerabilities'
4shared.com does not filter its filename input, which allows us to inject HTML code into the filename variable that is shown on the “Upload success” page. This page can also be viewed by other people who go to the page’s URL. I’m not sure how long this page remains visible.
This kind of XSS probably works on a lot more upload services (as proven below)!
Source
http://pastebin.com/Yx8qihha
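The fix for this class of bug, as an added example that is not code from the original post or from any of the services named: the filename is HTML-encoded where it is written into the success page, and a conservative name is stored as defence in depth. The page template, function names, sample filename and allow-list are assumptions made for illustration.

```python
import html
import re
import unicodedata
from html.parser import HTMLParser

# Constructed sample: a client-supplied filename that carries markup.
SAMPLE_FILENAME = 'holiday"><script>alert(1)</script>.jpg'
TEMPLATE = '<p>Upload success: <a title="%s" href="#">%s</a></p>'  # assumed page

def render_unsafe(filename):
    """The 'before': the name is pasted into the page exactly as submitted."""
    return TEMPLATE % (filename, filename)

def render_escaped(filename):
    """Output-side fix: encode for both element and attribute context."""
    safe = html.escape(filename, quote=True)  # & < > " ' become entities
    return TEMPLATE % (safe, safe)

def normalize_filename(filename, max_len=100):
    """Input-side defence in depth: keep only an allow-listed character set.
    Allow-list (word characters, space, dot, dash) is an assumption."""
    name = unicodedata.normalize("NFKC", filename)
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path part
    name = re.sub(r"[^\w .-]", "_", name)
    name = name.strip(" .") or "unnamed"
    return name[:max_len]

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    """Start tags a parser sees in the rendered page. Anything beyond the
    template's own 'p' and 'a' came from the filename."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    print(tags_in(render_unsafe(SAMPLE_FILENAME)))   # template tags plus injected ones
    print(tags_in(render_escaped(SAMPLE_FILENAME)))  # template tags only
    print(normalize_filename(SAMPLE_FILENAME))
```

Running `tags_in` over rendered pages in a regression test catches any template that later drops the encoding step.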