文件上传html xss

How bypass it?

- Change filename [1.jpg] to [1.html].

- Change Content-Type [image/jpeg] to [plain/html].

- Payload: <script>alert(1)</script>