anonfiles XSS 0day
Cross-site scripting 0day exploit for anonfiles.com
Description
anonfiles is an anonymous file upload site. With a smaller configuration mistake on the site, it's possible to upload SVG files with embedded JavaScript code, that will get executed upon clicking 'DOWNLOAD'.
Author
cs:
Date
The vulnerability was discovered and exploit was developed on 21/10/2021, and made public on 20/12/2021.
'||''|. .'|. .|'''.|
|| || ... ... .||. ||.. ' .... ....
||'''|. .| '|. .| '|. || ''|||. .|...|| .| ''
|| || || || || || || . '|| || ||
.||...|' '|..|' '|..|' .||. |'....|' '|...' '|...'