Back to directory
WRITEUP #3655

Account takeover via stored XSS with arbitrary file upload

XSSInsecure file uploadAccount takeover
by@0xbadb00da(0xbadb00da)
Program
-
Published
Jun 18, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://0xbadb00da.medium.com/account-takeover-via-stored-xss-with-arbitrary-file-upload-2774ec6cff51
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat