
Stored XSS on items in Folder

2023-04-23 22:21:31
mnqazi
www.huntr.dev
Tags: xss, stored, shared folder, user accounts, permission, payload, mouse interaction, alert, testing, analysis

EPSS: 0.001 (Low), percentile 23.7%

Description

First create two user accounts and grant both of them permission to access the same folder. In one of the accounts, create a new item within the folder. Paste the XSS payload into this field, then save the item. Once saved, click on the item to trigger an XSS alert.

To confirm the success of this action, log in to the other account and navigate to the shared folder. From here, use the mouse to drag the item and observe the XSS alert that appears. This confirms that the XSS payload has been stored within the shared folder and executes for other users who can access it, allowing for further testing and analysis as needed.
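The root cause of a report like this is an item name that reaches the DOM unescaped. The following is an added example, not code from the report or the affected project: a hypothetical folder-item renderer shown in its vulnerable form (raw string interpolation) beside a hardened form that escapes every interpolation, plus a regression check that counts tags introduced by the item name.

```javascript
// Added example (hypothetical renderer, not the affected project's code).
// An item name controlled by one user is rendered for every user who can
// see the shared folder; if it lands in the DOM unescaped, it is a stored
// XSS that fires on click or drag, exactly as the report describes.

// Escape the five characters that matter in text nodes and quoted
// attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the raw name is interpolated into an attribute and the
// visible text, so markup in the name becomes live markup.
function renderItemUnsafe(item) {
  return `<li class="item" draggable="true" title="${item.name}">${item.name}</li>`;
}

// Hardened: every interpolation is escaped. Handlers that need the name
// (e.g. on drag) read it from data-name instead of re-parsing HTML.
function renderItemSafe(item) {
  const name = escapeHtml(item.name);
  return `<li class="item" draggable="true" data-name="${name}" title="${name}">${name}</li>`;
}

// Regression check: the rendered <li> should contain exactly two tags
// (its own open and close). Anything beyond that came from the name.
function injectedTagCount(html) {
  const tags = html.match(/<\/?[a-z]/gi) || [];
  return tags.length - 2;
}

// Constructed sample item whose name carries an inline event handler.
const SAMPLE_ITEM = { id: 1, name: '<b onclick="x()">name</b>' };

console.log(injectedTagCount(renderItemUnsafe(SAMPLE_ITEM))); // 4
console.log(injectedTagCount(renderItemSafe(SAMPLE_ITEM)));   // 0
```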

Proof of Concept

https://drive.google.com/file/d/149Kzyoc8tLLUuGUX3RYXFpsg2lNpowRf/view?usp=sharing
