Search...

Microsoft Word Document Upload to Stored XSS: A Case Study

2018-05-09T17:40:57

ID COALFIRE:0A22FF581F74BC240DCA99BA8F841718
Type coalfire
Reporter The Coalfire Blog
Modified 2018-05-09T17:40:57

Description

Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I can't get a backdoor uploaded, I will attempt to try to upload an HTML page to get my own client-side javascript uploaded for XSS attacks.

JSON Vulners Source

Initial Source

{"id": "COALFIRE:0A22FF581F74BC240DCA99BA8F841718", "type": "coalfire", "bulletinFamily": "blog", "title": "Microsoft Word Document Upload to Stored XSS: A Case Study", "description": "Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I can't get a backdoor uploaded, I will attempt to try to upload an HTML page to get my own client-side javascript uploaded for XSS attacks.", "published": "2018-05-09T17:40:57", "modified": "2018-05-09T17:40:57", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.coalfire.com/the-coalfire-blog/may-2018/microsoft-word-document-upload-to-stored-xss?feed=blogs", "reporter": "The Coalfire Blog", "references": [], "cvelist": [], "lastseen": "2020-08-07T08:49:50", "viewCount": 0, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2020-08-07T08:49:50", "rev": 2}, "dependencies": {"references": [], "modified": "2020-08-07T08:49:50", "rev": 2}, "vulnersScore": -0.4}}