File upload
File upload testing.
Tools:
Malicious PDF generator can be useful for creating malicious PDFs.
Canary tokens can also be used to generate PDFs that notify you when any interaction happens.
YesWeHack File upload series:
I think it's one of the best-written 2-part series for testing file upload functionality.
Content type xss bypass
This user highlights that by uploading a file with the content type video/mp2t they were able to bypass restrictions, and WebKit-based browsers such as Safari on iOS interpret it as HTML, which gives us XSS.
linkedin: https://www.linkedin.com/feed/update/urn:li:activity:7358722803153453056/
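A server-side check for the case described above, as an added example that is not part of the original notes: it validates the body of a video/mp2t upload against the MPEG-TS packet structure instead of trusting the declared type, and builds response headers so a stored upload is downloaded rather than rendered. The function names and the sample inputs are assumptions made for this illustration.

```python
import re

TS_PACKET = 188  # MPEG-TS packet size in bytes
TS_SYNC = 0x47   # every MPEG-TS packet starts with this sync byte


def looks_like_mpegts(data: bytes, min_packets: int = 3) -> bool:
    """True if data is whole 188-byte packets that each start with 0x47."""
    if len(data) < TS_PACKET * min_packets or len(data) % TS_PACKET:
        return False
    return all(data[i] == TS_SYNC for i in range(0, len(data), TS_PACKET))


def validate_upload(declared_type: str, data: bytes) -> tuple[bool, str]:
    """Check the body against the declared type instead of trusting the header."""
    media_type = declared_type.split(";")[0].strip().lower()
    if media_type != "video/mp2t":
        return False, "type not on allowlist"
    if not looks_like_mpegts(data):
        return False, "body is not MPEG-TS"
    return True, "ok"


def download_headers(filename: str) -> dict[str, str]:
    """Headers that make a stored upload download instead of render.

    A structure check cannot rule out a crafted file that is valid video and
    still carries markup, so the response is locked down as well.
    """
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs (not taken from the referenced post).
HTML_BODY = b"<html><body>constructed sample</body></html>"
TS_BODY = (bytes([TS_SYNC]) + bytes(TS_PACKET - 1)) * 3

if __name__ == "__main__":
    print(validate_upload("video/mp2t", HTML_BODY))  # HTML labelled as video
    print(validate_upload("video/mp2t", TS_BODY))    # well-formed packets
    print(download_headers("clip 01.ts"))
```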