by kdbg 718 days ago
Reminds me a little of a stored XSS I read about last year.

https://tttang-com.translate.goog/archive/1880/?_x_tr_sl=aut...

Had that same root of not having the mime.types in the container, leading to server-side sniffing of the mime type for the Content-Type header.

It's just a bit interesting the impact such a file can have.