Which is exactly what I have done in newest XSS-Track. Now you can append files=1 parameter to script URL (e.g. http://evil.example.com/track.js?files=1 ) and it will monitor the site for any <input type="file" /> elements. When you change() them (e.g. by choosing a file from your hard-drive), it will quietly start uploading the chosen file meta-data (name, size, MIME type) and file contents to log.php.
As the user will be doing twice as much uploads (one for legitimate site, one for us), XSS-Track does not wait for the form to be actually submitted, but it starts quietly uploading as soon as the field changes.
SupportThis works also for <input type="file" multiple />. Currently supporting browsers that I'm aware of are:
- FF 3.6 (meta-data only)
- FF 4.0
- ... and many more in the future as HTML5 is coming :)
DemoGo on, try it now!
Payload (paste into textarea):
Monitoring (you will only see your own IP actions):