XSS via mime sniffing on .dat files

26th September 2019, 3:48 am

There is a vulnerability in Composr's storage of uploads as .dat files on servers. A hacker could plant code with JavaScript, then trick an administrator into running it on their machine.

This is a low-to-medium risk vulnerability. With planning, creativity, and coordination, this could result in a hacker attaining various malicious outcomes. JavaScript code does not have access to files on a user's own computer, but it can be used to automate privileged web page actions on the website it is running on.
