Cross-site Scripting (XSS) - Reflected in thecoshman/http
Reported on
May 12th 2021
✍️ Description
The web server is vulnerable to cross-site scripting. An attacker can place a file whose name contains an XSS payload in the directory being served. When a user visits the web server's address, the JavaScript in the file name is executed in their browser.
This is due to improper sanitization of the file name before it is rendered into the page.
🕵️‍♂️ Proof of Concept
- Create a file with the filename `<img src=x onerror=alert(document.domain)>`
- Start the web server (https://github.com/thecoshman/http)
- Visit the web server's address in a browser (port 8000 by default)
The JavaScript will be executed and an alert box will pop up.
Image PoC - https://drive.google.com/file/d/1qs69JEiZVgbvkcgCtWQAziIA7CBLzs4A/view?usp=sharing
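As an added illustration of the defect and its fix (example code written for this report, not thecoshman/http's own implementation), the following Rust snippet renders a constructed directory listing twice: once by concatenating file names into the markup unescaped, which is the behaviour this report describes, and once with every file name passed through an HTML escaper before it reaches the attribute or text context. The function and variable names are assumptions, not identifiers from the project.

```rust
// Added example (not thecoshman/http's own code): rendering a directory
// listing so that a hostile file name is shown as text, never parsed as HTML.

/// Escape the five characters that matter in HTML text and attribute contexts.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Vulnerable rendering: file names are concatenated into the markup as-is,
/// which is the defect the report describes.
fn render_listing_unescaped(names: &[&str]) -> String {
    let mut html = String::from("<ul>\n");
    for name in names {
        html.push_str(&format!("  <li><a href=\"{}\">{}</a></li>\n", name, name));
    }
    html.push_str("</ul>\n");
    html
}

/// Hardened rendering: every file name passes through escape_html before it
/// reaches either the attribute or the text context.
fn render_listing_escaped(names: &[&str]) -> String {
    let mut html = String::from("<ul>\n");
    for name in names {
        let safe = escape_html(name);
        html.push_str(&format!("  <li><a href=\"{}\">{}</a></li>\n", safe, safe));
    }
    html.push_str("</ul>\n");
    html
}

fn main() {
    // Constructed sample directory containing the file name from the report.
    let names = ["notes.txt", "<img src=x onerror=alert(document.domain)>"];
    println!("{}", render_listing_unescaped(&names));
    println!("{}", render_listing_escaped(&names));
}
```

In the hardened output the `<img>` tag survives only as inert text (`&lt;img ...&gt;`), so the browser has no element and no `onerror` handler to run.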
💥 Impact
This vulnerability allows an attacker to execute JavaScript code in victims' browsers.