Clickjacking and XSS on file upload input?

I reported a self-xss on file uploader input to a bug bounty company and they said that they will only accept it if i can find a good clickjacking exploit for that input. My question is: Is it possible to make a clickjacking proof of concept on a file uploader input? This XSS trigger if i select a file named <script>alert(1)<.pdf as file to upload. Is it possible to make automatically load a file with a custom name inside of an iframed page file uploader input with just few clicks?

How would i read data from FLYxxx.DAT file extracted from DJI Mavic Pro 2 Zoom [closed]

I’ve extracted .DAT files from my DJI Mavic 2 zoom drone. I tried to open these files with DatCon but it didn’t recognize the file.

The signature of these files is different from that of .DAT files. The starting bytes of these files are the following

0x4c 0x4f 0x47 0x48 ( L O G H ) 

Here is the hex view of the starting bytes

enter image description here

How can i read information from this binary file ?

Any help would be appreciated. thank you.

Should I obfuscate/disguise (file) names in certificate exams?

I have 0 experience taking exams for security certificates. When I’m taking an exam for something like OSCP, should I obfuscate/disguise my files and names (like naming a file update.sh) to make it harder for “future testers and auditors” to find like a criminal would, or just make them obvious (naming a file exploit.sh) for the examiner(s) to understand my reports more easily, or does the naming of my files and folders (and variables and functions) not matter at all?

Why after dd’ing ISO file to entire USB flash device, only the first partition match the ISO checksum?

I use dd to “burn” an ISO file to USB stick:

dd bs=4M if=/mnt/media/ISO/Fedora-Workstation-Live-x86_64-31-1.9.iso   of=/dev/sdd conv=fdatasync  status=progress 

Now I can see several partitions has been created:

sdd      8:48   1   1.9G  0 disk  ├─sdd1   8:49   1   1.8G  0 part /run/media/alex/Fedora-WS-Live-31-1-9 ├─sdd2   8:50   1  10.6M  0 part  └─sdd3   8:51   1  22.2M  0 part  

Why only sdd1 matches the ISO checksum, not an entire drive? I checked files on other partitions, they contain this ISO related files..

Can a new SQL Loader field be defined before the data is actually available in the input file?

In the example below a new field, AOCN, will exist in some future input file.

AOCN is already defined in the Oracle table in anticipation, however positions 12..15 do not exist in current input files.

Can I pre-define the field in SQL Loader in anticipation of the future availability of the new field w/o causing an issue for input files where the positions (12:15) do not yet exist?

LOAD DATA

INFILE ‘G:\lerg\lerg16.dat’

TRUNCATE

INTO TABLE lerg_16

(

LRN position (1:10) NULLIF LRN=BLANKS,

STATUS position (11:11) NULLIF STATUS=BLANKS,

AOCN position (12:15) NULLIF AOCN=BLANKS

)

Can a virus that’s in a file stream infect a computer?

I have a java web application that accepts base64 image strings from users. These strings are first converted to a byte stream after which the stream is scanned for viruses. After that the file is stored as a resized version of the actual image.

My question is, when the file has been transformed from a base64 string to an in-memory byte stream and it happens to contain a virus, will that virus be able to escape the byte stream and infect the rest of the server? Or can it only do that after the stream has been transformed to a file stored on disk?

Reverse Engineering a binary file

I have started reading into reverse engineering binary files and was hoping if someone could help me understand how to reverse engineer a file using gdb. I found this example Secret binary on the internet which I thought would be good start. I know basic functions to get all the function name and to disassemble but I could not solve it. It has a secret string hidden somewhere. Can someone help?

Risk of contamination when network discovery is on + file sharing password?

We use the Windows 10 file/folder sharing feature to share files between two computers (A and B) that are on the same wifi network. In this network there are several infected computers (computers C).

Computer A and B are on Windows 10 and up to date and Windows firewall is on. Some computers infected are on Windows 7. It’s a home network (not work or public network).

To protect the computers this link recommends that we turn off file sharing and network discovery. But without “Network discovery” we can’t share the file between A and B…

So we turned on “Network discovery” and protected the files sharing between A and B with a strong password.

Is there still a risk being contaminated by computers C? How?