Merge pull request HackTricks-wiki#309 from RandomVersion/master

fix typo
loretanr · Mar 18, 2022 · 336f4ee · 336f4ee
2 parents 7caada1 + 0cc8c5d
commit 336f4ee
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pentesting-web/file-upload/README.md b/pentesting-web/file-upload/README.md
@@ -132,7 +132,7 @@ Note that **another option** you may be thinking of to bypass this check is to m
 
 * Set **filename** to `../../../tmp/lol.png` and try to achieve a **path traversal**
 * Set **filename** to `sleep(10)-- -.jpg` and you may be able to achieve a **SQL injection**
-* Set **filename** to `<svg onload=alert(document.comain)>` to achieve a XSS
+* Set **filename** to `<svg onload=alert(document.domain)>` to achieve a XSS
 * Set **filename** to `; sleep 10;` to test some command injection (more [command injections tricks here](../command-injection.md))
 * [**XSS** in image (svg) file upload](../xss-cross-site-scripting/#xss-uploading-files-svg)
 * **JS** file **upload** + **XSS** = [**Service Workers** exploitation](../xss-cross-site-scripting/#xss-abusing-service-workers)