File Upload Restriction Bypass leading to Stored XSS Vulnerability, by leveraging file extension vbhtm, vbhtml, soap, even any extension ends with html (e.g. aahtml, bbhtml)
Step 1) Access https://www.showdoc.com.cn/attachment/index
Step 2) Prepare a file with content below and named as xss.vbhtm to upload
<script>alert(1)</script>
Step 3) Click check
XSS will be triggered
An attacker could leverage this to perform social engineering and thereby stealing victim’s cookie etc.