XSS Through File Upload [Attribute-Value]

Add Product Details
Database Table holding product details
View Product Details
The image has a “title” attribute, which was storing the product description
Malicious XSS payloads stored as an attribute value through the product description web field
Record 4 added recently with malicious payload
XSS Payload Executed Successfully
View from Developer Tools (opened by pressing F12)
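
The rendering pattern described above, next to an attribute-encoded version, as an added example that is not code from the original post. The function names, the markup and the sample record are assumptions; the constructed description only carries a quote and a harmless data attribute to show where the attribute boundary moves.

```javascript
// Added illustration: function names, markup and sample data are assumptions,
// not taken from the application shown in the screenshots.

// Encode a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Pattern the page describes: the stored product description is placed
// directly into title="..." with no output encoding.
function renderProductImageUnsafe(product) {
  return '<img src="' + product.image + '" title="' + product.description + '">';
}

// Hardened form: every stored value is attribute-encoded at output time.
function renderProductImage(product) {
  return '<img src="' + escapeAttr(product.image) +
         '" title="' + escapeAttr(product.description) + '">';
}

// Minimal attribute-name lister, sufficient for the single <img> tags built
// above (not a general HTML parser).
function attributeNames(tag) {
  const names = [];
  const re = /([a-zA-Z-]+)="[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1]);
  return names;
}

// Constructed record: the description contains a double quote followed by
// attribute-like text, so it closes title="..." early when left unencoded.
const sampleProduct = {
  image: "/uploads/mug.png",
  description: 'Blue mug" data-injected="1',
};

console.log(attributeNames(renderProductImageUnsafe(sampleProduct)));
console.log(attributeNames(renderProductImage(sampleProduct)));
```

In the unencoded output the browser sees a third attribute that came from stored data; in the encoded output the whole description stays inside `title`.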
