
Published on March 12th, 2019 | 1743 Views


Python: XSS using SVG file




File upload functionality is a key place where we should pay special attention. What kinds of files should be given special treatment?

Flash has been past its prime for a while. However, there are still browsers that allow you to display SWF files.
Most users probably associate Flash with the simple minigames that were popular a few years ago.
However, it has access to a large part of the browser's functionality, including the execution of JavaScript code.
So if we allow users to upload SWF files and display them in the browser, we must take the consequences into account.
Let's look at an example. I will use a file that has been prepared to execute such attacks.
I will send this file using Internet Explorer.
As you can see, after sending the file, a window appeared.
By modifying the parameter in the link, we can display our own code.
For example, using the eval parameter.
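
One way to handle this on the server side, as an added example that is not from the video or its author: classify uploads by their content instead of their file name, and let only known raster image types render inline. The function names, the allowlist and the sample bytes are assumptions constructed for illustration.

```python
import re

# SWF signatures: uncompressed, zlib-compressed, LZMA-compressed
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")
# <svg> as the first element, after an optional BOM, XML declaration, comments, DOCTYPE
SVG_ROOT = re.compile(
    rb"(?:\xef\xbb\xbf)?\s*(?:<\?xml[^>]*\?>\s*)?(?:<!--.*?-->\s*)*"
    rb"(?:<!DOCTYPE[^>]*>\s*)?<svg[\s>]", re.I | re.S)
# Raster formats allowed to render inline (hypothetical allowlist): magic -> type
INLINE_SAFE = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

def sniff_active(data: bytes):
    """Return 'swf' or 'svg' if the bytes are a format that can run script, else None."""
    if data[:3] in SWF_MAGIC:
        return "swf"
    if SVG_ROOT.match(data[:4096]):
        return "svg"
    return None

def serving_headers(data: bytes) -> dict:
    """Response headers for an upload, decided from its content, never its name."""
    headers = {"X-Content-Type-Options": "nosniff",
               "Content-Security-Policy": "default-src 'none'; sandbox"}
    if sniff_active(data) is None:
        for magic, ctype in INLINE_SAFE.items():
            if data.startswith(magic):
                headers.update({"Content-Type": ctype,
                                "Content-Disposition": "inline"})
                return headers
    # Anything active or unrecognised is downloaded, not rendered in our origin.
    headers.update({"Content-Type": "application/octet-stream",
                    "Content-Disposition": "attachment"})
    return headers

# Constructed sample inputs (headers only, no real payloads)
SWF_SAMPLE = b"CWS\x0a" + b"\x00" * 8
SVG_SAMPLE = b"\xef\xbb\xbf<?xml version='1.0'?>\n<svg xmlns='http://www.w3.org/2000/svg'></svg>"
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in [("swf", SWF_SAMPLE), ("svg", SVG_SAMPLE), ("png", PNG_SAMPLE)]:
        print(name, sniff_active(blob), serving_headers(blob)["Content-Disposition"])
```

Because the fallback is `attachment`, a file the regex fails to recognise as SVG is still not rendered inline.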

Twitter: https://twitter.com/kacperszurek
Website: https://security.szurek.pl/
Github: https://github.com/kacperszurek/





Icon made by Freepik, Smashicons from www.flaticon.com

#from0topentestinghero #security #python


2019-03-12 14:35:18
