Search This Blog

File Upload XSS Vulnerability in Mediafire

A Information Security Researcher , Mahadev Subedi has claimed to have discovered a Persistent Cross site scripting vulnerability in the Mediafire website
An Information Security Researcher , Mahadev Subedi, from coolpokharacity.com has claimed to have discovered a Persistent Cross site scripting vulnerability in the Mediafire website(mediafire.com)

It seems like the vulnerability exists in the File uploading feature in the Mediafire.  The developers fails to sanitize the file name of the uploaded file.

Persistent xss vulnerability in Mediafire

"Whenever we upload file names containing encoded or decoded malicious XSS codes, it results in Cross Site Scripting ." The researcher said in the email.

For instance, if you create a file name with this code and upload it , it results in xss: 
"><img src=x onerror=alert(1)>.jpg.txt
Recently A security Researcher Frans Rosén discovered similar kind of vulnerability in the DropBox .
Share it:

Breaking News

Information Security News

Persistent Cross Site Scripting

Vulnerability

XSS Vulnerability