Chaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker PoC lab
https://kurtisebear.com/2026/03/28/chaining-file-upload-xss-admin-compromise/
Two medium-severity findings chained into full admin compromise on a SaaS pen test. Attack walkthrough, Docker PoC lab, and fixes.
Kurtis Baron — Offensive Security & Pen Testing