Users can be tricked into uploading unexpected files

2010-06-29T00:00:00
ID OPERA:958
Type opera
Reporter Opera
Modified 2010-06-29T00:00:00

Description

Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If the user can be convinced to focus a file input and paste the contents of the clipboard, the file can then be immediately uploaded without requiring the user's confirmation.