File Upload XSS Vulnerability in Mediafire

Sponsored Links
An Information Security Researcher , Mahadev Subedi, from coolpokharacity.com has claimed to have discovered a Persistent Cross site scripting vulnerability in the Mediafire website(mediafire.com)

It seems like the vulnerability exists in the File uploading feature in the Mediafire.  The developers fails to sanitize the file name of the uploaded file.

Persistent xss vulnerability in Mediafire

"Whenever we upload file names containing encoded or decoded malicious XSS codes, it results in Cross Site Scripting ." The researcher said in the email.

For instance, if you create a file name with this code and upload it , it results in xss: 
"><img src=x onerror=alert(1)>.jpg.txt
Recently A security Researcher Frans Rosén discovered similar kind of vulnerability in the DropBox .
Category: / / / /

Share this with Your friends: