Microsoft Word Document Upload to Stored XSS: A Case Study

ID COALFIRE:0A22FF581F74BC240DCA99BA8F841718
Type coalfire
Reporter The Coalfire Blog
Modified 2018-05-09T17:40:57


Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I can't get a backdoor uploaded, I will attempt to try to upload an HTML page to get my own client-side javascript uploaded for XSS attacks.