Bugs that could be accessed with the File Upload Functionality include:
1. ASP/ASPX/PHP5/PHP/PHP3:- WEBSHELL / RCE
2. SVG:- Stored Xss/ Ssrf
3. GIF:- Stored Xss
4. CSV:- CSV Injection
5. XML:- Xxe
6. AVI :- LFI/ Ssrf
7. HTML/JS :- Html Injection / Xss / Open Redirect
8. PNG/JPEG :- Pixel Flood Attack
9. Zip :- RCE via LFI
10. PDF/PPTX :- Ssrf/ Blind Xxe
Comments
Post a Comment