You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is done by specifying an image file extension in the uploaded file title (e.g., uploading my-script.js as my-script.png). The browser still processes this as the given file extension (e.g., .png), so it's not actually executing any code. However, the file is able to be hosted, which feels like a vulnerability.
The text was updated successfully, but these errors were encountered:
This is done by specifying an image file extension in the uploaded file title (e.g., uploading
my-script.jsasmy-script.png). The browser still processes this as the given file extension (e.g.,.png), so it's not actually executing any code. However, the file is able to be hosted, which feels like a vulnerability.The text was updated successfully, but these errors were encountered: