Created
February 28, 2017 20:33
-
-
Save ivanvza/4d309f77d75923ead4aee62d4d517076 to your computer and use it in GitHub Desktop.
Jquery Upload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Some sites, make use of a file upload feature. | |
| This has happed to me where I know about the upload, but for whatever reason I can not access/execute it. | |
| So by knowing the upload path, example: scripts/upload.php, I can just add the below HTML (e.g. via burpsuite) when the server responds with the HTML. | |
| <link href="http://hayageek.github.io/jQuery-Upload-File/4.0.10/uploadfile.css" rel="stylesheet"> | |
| <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script> | |
| <script src="http://hayageek.github.io/jQuery-Upload-File/4.0.10/jquery.uploadfile.min.js"> | |
| </script> | |
| <div id="fileuploader">Upload</div><script> | |
| $(document).ready(function(){ | |
| $("#fileuploader").uploadFile({ | |
| url: "scripts/upload.php", | |
| returnType: "json", | |
| showDelete: false, | |
| showDone: true, | |
| showProgress: true, | |
| filename: "file" | |
| }); | |
| }); | |
| </script> | |
| By injecting the above function, it will save you ALL the hastle of adding cookies and stuff when doing th upload, seeing as you are still techincally on the site.:) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment