Ez SHELL UPLOADS FOR ALL GAYS( EXTENDING XSS TO SHELL UPLOAD)

[37]

nice share

[52]

**Extending XSS to upload Shell in a Website By** @Pentester708
 
Been wandering around couple sites(Sunday be like). Found one, vulnerable to XSS.
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh)
 
Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader payload.
The site was not having any upload feature but after i injected my payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.
 
**I wonder what would you guys have uploaded ?**
Well I did the harder part for yal. Play around uploading your shells 
You can get to your uploaded shells by adding its name in the URL after uploading
 
Site Fuzzed:

nigga balls

[31]

ill try this

[16]

thanks for share

[57]

easy...

[52]

**Extending XSS to upload Shell in a Website By** @Pentester708
 
Been wandering around couple sites(Sunday be like). Found one, vulnerable to XSS.
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh)
 
Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader payload.
The site was not having any upload feature but after i injected my payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.
 
**I wonder what would you guys have uploaded ?**
Well I did the harder part for yal. Play around uploading your shells 
You can get to your uploaded shells by adding its name in the URL after uploading
 
Site Fuzzed:

ty

[18]

**Extending XSS to upload Shell in a Website By** @Pentester708
 
Been wandering around couple sites(Sunday be like). Found one, vulnerable to XSS.
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh)
 
Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader payload.
The site was not having any upload feature but after i injected my payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.
 
**I wonder what would you guys have uploaded ?**
Well I did the harder part for yal. Play around uploading your shells 
You can get to your uploaded shells by adding its name in the URL after uploading
 
Site Fuzzed:

oky nice

[7]

**Extending XSS to upload Shell in a Website By** @Pentester708
 
Been wandering around couple sites(Sunday be like). Found one, vulnerable to XSS.
XSS is much like SQL Injection , it is Javascript Injection(Pretty much straight eh)
 
Now instead of uploading some Phishing , CSRF payloads . I Injected an uploader payload.
The site was not having any upload feature but after i injected my payload, Anyone can upload anything(exe,php,bat,what not) to it, which will be stored and executed on the Server Level.
 
**I wonder what would you guys have uploaded ?**
Well I did the harder part for yal. Play around uploading your shells 
You can get to your uploaded shells by adding its name in the URL after uploading
 
Site Fuzzed:

thx