WRITEUP #6614

Chaining file upload bypass and stored XSS to create admin accounts

Writeup, XSS, File Upload
by @kurtisebearUK (Kurtis Baron)
Program: Private Program
Published: Mar 28, 2026
Added to HackDex: Mar 31, 2026
Read Full Writeup: https://kurtisebear.com/2026/03/28/chaining-file-upload-xss-admin-compromise/
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSS, Self-XSS
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Spip Preauth RCE 2024: Part 2, A Big Upload
RCE, File upload
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSS, Reflected XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSS, CSP bypass

Built with ❤️ by Shubham Rawat