coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #309 from RandomVersion/master

Browse Source 
fix typo
This commit is contained in:
Carlos Polop 2022-03-18 01:10:03 +00:00 committed by GitHub
commit 336f4ee814
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pentesting-web/file-upload/README.md
View File

@ -132,7 +132,7 @@ Note that **another option** you may be thinking of to bypass this check is to m
* Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal**
* Set **filename** to `sleep(10)-- -.jpg` and you may be able to achieve a **SQL injection**
* Set **filename** to `<svg onload=alert(document.comain)>` to achieve a XSS
* Set **filename** to `<svg onload=alert(document.domain)>` to achieve a XSS
* Set **filename** to `; sleep 10;` to test some command injection (more [command injections tricks here](../command-injection.md))
* [**XSS** in image (svg) file upload](../xss-cross-site-scripting/#xss-uploading-files-svg)
* **JS** file **upload** + **XSS** = [**Service Workers** exploitation](../xss-cross-site-scripting/#xss-abusing-service-workers)