
ID: 281
Status: Closed
Summary: Stored XSS via Malicious File Upload
Opened by: Shivangi

Description

The application allows users to upload files without properly validating the file content and type. An attacker can upload a malicious file (such as an HTML, SVG, or disguised image file) containing embedded JavaScript code. When the uploaded file is later accessed or rendered by other users, the malicious script executes in their browser context.

Because the payload is stored on the server and executed whenever the file is viewed, this issue qualifies as Stored (Persistent) XSS.

Impact

A successful Stored XSS attack may allow an attacker to:

Execute arbitrary JavaScript in victims’ browsers

Steal session cookies or authentication tokens

Perform actions on behalf of authenticated users

Deface application content

Deliver phishing payloads

Escalate to account takeover depending on session handling

This vulnerability affects all users who view or access the uploaded file, increasing its severity compared to reflected XSS.

Steps to Reproduce

Navigate to a file upload functionality.
Create a malicious file, for example:

<script>alert(document.domain)</script>

Save it as:

xss.pdf

Upload the malicious file through the application.

Access the uploaded file directly or via the application interface.

Observe that the JavaScript payload executes in the browser.
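
A server-side check that would reject the xss.pdf file from the steps above, shown as an added example that is not part of the original report or the application's own code. The allow-list of types, the function names and the response headers chosen are assumptions.

```python
import os
import uuid

# Allow-list (assumed for this example): extension -> (magic bytes, Content-Type).
# HTML and SVG are deliberately absent because browsers run script inside them.
ALLOWED = {
    ".pdf": (b"%PDF-", "application/pdf"),
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
}


def validate_upload(filename: str, data: bytes) -> str:
    """Return the Content-Type to store with the file, or raise ValueError."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} is not allowed")
    magic, content_type = ALLOWED[ext]
    # The content must start with the signature of the type its name claims.
    if not data.startswith(magic):
        raise ValueError("file content does not match its extension")
    return content_type


def stored_name(filename: str) -> str:
    """Server-generated name, so user input never reaches the storage path."""
    return uuid.uuid4().hex + os.path.splitext(filename)[1].lower()


def download_headers(content_type: str, name: str) -> dict:
    """Headers for serving an upload so that it cannot run as an active page."""
    return {
        # Type fixed at upload time, never guessed from the bytes.
        "Content-Type": content_type,
        # Stop the browser from sniffing the body into text/html.
        "X-Content-Type-Options": "nosniff",
        # Download instead of rendering inside the application's origin.
        "Content-Disposition": f'attachment; filename="{name}"',
        # Defence in depth if the file is rendered anyway (e.g. a polyglot).
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```

A signature check alone does not stop a file that is valid in two formats at once, which is why the response headers are set as well.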
