commit
336f4ee814
@ -132,7 +132,7 @@ Note that **another option** you may be thinking of to bypass this check is to m
|
||||
|
||||
* Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal**
|
||||
* Set **filename** to `sleep(10)-- -.jpg` and you may be able to achieve a **SQL injection**
|
||||
* Set **filename** to `<svg onload=alert(document.comain)>` to achieve a XSS
|
||||
* Set **filename** to `<svg onload=alert(document.domain)>` to achieve a XSS
|
||||
* Set **filename** to `; sleep 10;` to test some command injection (more [command injections tricks here](../command-injection.md))
|
||||
* [**XSS** in image (svg) file upload](../xss-cross-site-scripting/#xss-uploading-files-svg)
|
||||
* **JS** file **upload** + **XSS** = [**Service Workers** exploitation](../xss-cross-site-scripting/#xss-abusing-service-workers)
|
||||
|
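Review bot: The replaced XSS bullet still reads "to achieve a XSS" after the `document.comain` to `document.domain` fix; since the line is already being touched, change it to "an XSS". It is also the only filename bullet stated as a certainty, while its neighbours hedge with "try to achieve" and "you may be able to achieve", so consider matching that wording. In the context line just below, "command injections tricks" should read "command injection tricks" and could be fixed in the same commit.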