# An Issue is discoverd in Snipe-IT Version v6.0.2.
# This exploit allow you to upload malicious files on server.
# We found malicious file upload when we upload file at the People menu.
Proof of Concept
First, we login to the target application with admin privileges.
Then select People Menu and select User.
after that click Upload.
select malicious files to upload.
then select File Uploads Tab it will show malicious files
if someone try to download and open it the payload will be excuted.
We found the XSS!
Grim The Ripper Team by SOSECURE Thailand