Hi blokes.
I was wondering, how to gain browser control given an insecure upload, but there is the tricky part the system is built in csharp. I can upload html but not aspx, cshtml
I’m very aware that csharp is compiled
Did you actually do some research before coming here? Enlighten us a little!
@elated-colden If this topic is solved, please mark it as such by checking the solution chart at the bottom of the post you consider that properly answers your question. If not, please update the post with fuhrer information about the issue and/or the proposed solutions of the participants.
Sorry for the late answer. Yes it can be done somehow by mere manipulation of the Browser Object Model and Document object Model.My superior show me how.
Greetings
the solution should be documented here. that’s precisely the point of this community
1 Like
Here are some links that could work in that scenario:
First an XSS reverse shell that works if you can upload files:
This only will take control of the user’s tab where the infected code is loaded but you can extract session cookies and load a login prompt to make the user type their credentials.
XSS to RCE in Nodejs:
https://matatall.com/xss/rce/bugbounty/2015/09/08/xss-to-rce.html
2 Likes