Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-25 22:20:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix typo

Browse source
This commit is contained in:
RandomVersion 2022-03-08 11:20:32 +02:00 committed by GitHub
parent a3edb41203
commit 0cc8c5d5e7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/file-upload/README.md
View file

@ -132,7 +132,7 @@ Note that **another option** you may be thinking of to bypass this check is to m
* Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal**
* Set **filename** to `sleep(10)-- -.jpg` and you may be able to achieve a **SQL injection**
* Set **filename** to `<svg onload=alert(document.comain)>` to achieve a XSS
* Set **filename** to `<svg onload=alert(document.domain)>` to achieve a XSS
* Set **filename** to `; sleep 10;` to test some command injection (more [command injections tricks here](../command-injection.md))
* [**XSS** in image (svg) file upload](../xss-cross-site-scripting/#xss-uploading-files-svg)
* **JS** file **upload** + **XSS** = [**Service Workers** exploitation](../xss-cross-site-scripting/#xss-abusing-service-workers)