Wednesday, 25 December 2013

Waze arbitrary file upload

Waze is one of the world's largest community-based traffic and navigation apps, which was acquired by Google on June 11, 2013. And Google opens up responsible disclosure for their acquired websites. So I thought of trying my hand at it.

While I was scrolling around the pages, I found the Waze wiki which allowed users to upload files :]

When I tried uploading a PHP file, the response was 

Files of the MIME type "application/x-php" are not allowed to be uploaded


Well, so the website is filtering file types by checking the MIME type. So no use of uploading arbitrary files by extension spoofing ... HMMMMMM


Then again, something struck my mind. What other MIME types are filtered??
So I tried uploading an SWF file. BINGOOOOO!!!!!

SWF files are not filtered >:)

So what bad can I do??

Aaahhaahhh, execute an XSS with a vulnerable SWF file ;-)


Aweee yeahhh!!

Now they have fixed the bug :)



And they sent a $100 reward for this :D, and my name will be listed in their reward hall of fame :)

http://www.google.co.in/about/appsecurity/hall-of-fame/reward/



CHEERS
Shashank (@cyberboyIndia)
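
The filtering behaviour described in the Waze post above (a MIME denylist that rejects PHP but lets SWF through) next to an allowlist check, as an added example that is not part of the original post and not Waze's code. The denylist contents, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Leading bytes -> sniffed MIME type (small illustrative table, not exhaustive).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"FWS", "application/x-shockwave-flash"),  # uncompressed SWF
    (b"CWS", "application/x-shockwave-flash"),  # zlib-compressed SWF
    (b"ZWS", "application/x-shockwave-flash"),  # LZMA-compressed SWF
]

# Assumed denylist: the post only shows that application/x-php is rejected.
DENYLIST = {"application/x-php"}
# Allowlist: extension -> the only content type accepted for it.
ALLOWLIST = {".png": "image/png", ".jpg": "image/jpeg",
             ".jpeg": "image/jpeg", ".gif": "image/gif"}

def sniff_mime(data: bytes) -> str:
    """Guess the type from file content, not from the client-supplied header."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    if b"<?php" in data[:1024]:
        return "application/x-php"
    return "application/octet-stream"

def denylist_accepts(filename: str, data: bytes) -> bool:
    """Weak policy: anything not explicitly forbidden is stored."""
    return sniff_mime(data) not in DENYLIST

def allowlist_accepts(filename: str, data: bytes) -> bool:
    """Stricter policy: extension must be allowed AND content must match it."""
    expected = ALLOWLIST.get(os.path.splitext(filename)[1].lower())
    return expected is not None and sniff_mime(data) == expected

# Constructed sample uploads (headers only, not real files).
SAMPLES = {
    "page.php": b"<?php echo 1; ?>",
    "movie.swf": b"CWS\x0a" + b"\x00" * 12,
    "map.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 12,
    "fake.png": b"CWS\x0a" + b"\x00" * 12,  # SWF content, image extension
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10} sniffed={sniff_mime(data):30} "
              f"denylist={denylist_accepts(name, data)} "
              f"allowlist={allowlist_accepts(name, data)}")
```

Type checks are only one layer: serving uploads from a separate origin with `Content-Disposition: attachment` limits what any file that slips through can do.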




Thursday, 19 December 2013

Imgur xss

Imgur is an online image hosting service founded by Alan Schaaf in 2009 in Athens, Ohio. Imgur describes itself as "the home to the web's most popular image content, curated in real-time by a dedicated community through commenting, voting and sharing."
I spotted a cross-site scripting vulnerability in http://imgur.com/ on 6 FEB 2013.




I reported the issue to them on the very day I found it and the same day they replied. After 2-3 days the bug was fixed.



Cheers :)
Shashank

Wednesday, 4 December 2013

Capture the Xss

Everyone is aware of the CTF, and many of you might have been or still are active warriors of CTF. I spotted one XSS in their blog, and they fixed it the very day.

It was just a random hit as I was reading their blog and then observed the old version of the plupload file which had a known XSS bug.


This is what actually happens when you get the bad habit of xssing everywhere.

Anyways they were happy, and even I am :)







Cheers :)


Tuesday, 3 December 2013

Heroku Directory Traversal

Long back I spotted a Directory Traversal bug in Heroku.

"Heroku is a cloud application platform – a new way of building and deploying web apps. Heroku was acquired by Salesforce.com in 2010."



They were quite quick and fixed it without delays.


Later they even started their hall of fame page and included my name there :)
https://www.heroku.com/policy/security-hall-of-fame