Dropbox allows you to upload HTML and SWF files and view them online in your browser and in the iOS app.
Black hat hackers know how to exploit this with indirect hacking methods (social engineering and phishing).
Here is a PoC video:
Dropbox refused to fix it and their reply was:
Jun 09 11:04
Sorry for the delay. Our security team has reviewed your report and has decided that this does not pose a security threat to Dropbox users.
This method would require a user to upload a malicious file onto their own account and then execute it. While it is possible to share a malicious html file to a user and have it executed in a similar manner, this is not considered a security vulnerability. Also, this issue is well mitigated by the fact that the file is hosted on dl-web.dropbox.com, and not on www.dropbox.com.
While it’s not considered a security vulnerability, the security team thanks you for your feedback on this issue and may provide a fix for it at a later date. If there is something we have overlooked please let me know.
We look forward to receiving reports from you in the future.
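The mitigation named in the reply, serving uploaded files from dl-web.dropbox.com rather than www.dropbox.com, rests on the browser's same-origin policy and on how cookies are scoped. The following is an added example, not code from the original post or from Dropbox, that checks both for a user-content host; the cookie names, their attributes and the file path are constructed samples.

```javascript
// Added illustration: origin and cookie-scope audit for a user-content host.
// All cookies and the file path below are constructed, not real Dropbox data.

// Same-origin policy: scheme, host and port must all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// RFC 6265 domain-match for hostnames (IP-address hosts are not handled).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Would the browser attach this cookie to a request for `url`?
// cookie.setBy = host that set it; cookie.domain = Domain attribute
// (undefined means host-only). Path and SameSite are ignored for brevity.
function cookieSentTo(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  if (cookie.domain === undefined) return u.hostname === cookie.setBy;
  return domainMatches(u.hostname, cookie.domain);
}

// Cookies that script in a page at `url` could read via document.cookie:
// in scope for that host and not flagged HttpOnly.
function readableByScript(cookies, url) {
  return cookies
    .filter((c) => cookieSentTo(c, url) && !c.httpOnly)
    .map((c) => c.name);
}

const APP = "https://www.dropbox.com/home";
const CONTENT = "https://dl-web.dropbox.com/get/sample.html"; // constructed path

const sampleCookies = [ // constructed
  { name: "session_hostonly", setBy: "www.dropbox.com", secure: true, httpOnly: true },
  { name: "prefs_domainwide", setBy: "www.dropbox.com", domain: "dropbox.com", secure: true },
  { name: "token_domainwide", setBy: "www.dropbox.com", domain: "dropbox.com", secure: true, httpOnly: true },
];

console.log("same origin:", sameOrigin(APP, CONTENT));
console.log("readable on content host:", readableByScript(sampleCookies, CONTENT));
```

The separation holds for DOM access and host-only cookies; any cookie scoped to the parent domain without HttpOnly falls outside it, which is the setting to audit when relying on a sibling subdomain for user content.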