Wednesday, 25 December 2013

waze arbitrary file upload

Waze is one of the world's largest community based traffic and navigation app which was acquired by Google June 11, 2013 . And Google opens up responsible disclosure for their acquired websites . So I thought of trying my hands over it.

While I was scrolling around the pages I found the waze wiki which allowed users to upload files :]

When I tried uploading a PHP file, the response was 

Files of the MIME type "application/x-php" are not allowed to be uploaded

Well so the website is filtering files type by checking the MIME type . So no use of uploading arbitrary files by extension spoofing ... HMMMMMM

Then again something stroke my mind . What  more MIME types are filtered?? 
So I tried uploading a SWF file. BINGOOOOO!!!!!

Swf files are not filtered >:)

So what bad I can do ??

Aaahhaahhh execute an Xss with a vulnerable swf file ;-)

Aweee yeahhh

Now they have fixed the bug :)

And they sent a 100$ reward for this :D and my name will be listed in their reward hall of fame :)

Shashank (@cyberboyIndia)

1 comment:

Kamalesh Kumar said...

Nice post you are share here.This post is really informative and you have posted such precious and informative article which gave me lot of information. I hope that you will keep it up and we will have more informative and helping news from you. Once again thank you so much for your post. Best resume writing service resume help for those who seek help from them.