Thursday, December 24, 2015

Local File XSS Vulnerability in (Write Up)

On Friday, December 18, 2015, around 3 AM, I was about to write a blog post for my Year in Review 2015, and because of that, I found a Local File XSS vulnerability. I call this "Local File XSS" because the XSS came from the localhost.

At 3 AM on December 18, 2015, while writing a blog post, I found an HTML file on my desktop. I opened the file in Sublime and found out that it was encoded with an XSS payload, then opened it in my browser. I accidentally dragged the broken images caused by the XSS payload to the WordPress editor box and luckily found a Cross-Site Scripting vulnerability.

Proof of Concept

Local File XSS Vulnerability in


Reported: 2015-12-17 05:19:12 +0800

Status: Duplicate

I hope you enjoy this article.

Happy Holidays,

Evan -

Please don't forget to leave a comment or share this article.

Have patience. All things are difficult before they become easy.


1 comment:

  1. Nice one, sir Evan, that's also the kind of bug I found in Google Docs :)