BoofSec/anonfiles-xss-0day

anonfiles.com XSS 0day exploit

anonfiles XSS 0day

Cross-site scripting 0day exploit for anonfiles.com

Description

anonfiles is an anonymous file upload site. With a smaller configuration mistake on the site, it's possible to upload SVG files with embedded JavaScript code, that will get executed upon clicking 'DOWNLOAD'.

Author

cs:

• GitHub
• Twitter
• Telegram
• Discord: cs#0001 | 806059275678908418

Date

The vulnerability was discovered and exploit was developed on 21/10/2021, and made public on 20/12/2021.

 '||''|.                     .'|.  .|'''.|                  
  ||   ||    ...     ...   .||.    ||..  '    ....    ....  
  ||'''|.  .|  '|. .|  '|.  ||      ''|||.  .|...|| .|   '' 
  ||    || ||   || ||   ||  ||    .     '|| ||      ||      
 .||...|'   '|..|'  '|..|' .||.   |'....|'   '|...'  '|...' 

GitHub · Twitter · Instagram · Website