The Coalfire Labs Blog

Welcome to the Coalfire Labs Blog, a resource covering the most important issues in IT security and compliance.  The Coalfire Labs blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • Microsoft Word Document Upload to Stored XSS: A Case Study

    May, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I can’t get a backdoor uploaded, I will attempt to try to upload an HTML page to get my own client-side javascript uploaded for XSS attacks.

Top