Wednesday 25 December 2013

Waze arbitrary file upload

Waze is one of the world's largest community-based traffic and navigation apps, and it was acquired by Google on June 11, 2013. Google opens up responsible disclosure for its acquired websites, so I thought of trying my hand at it.

While I was scrolling around the pages, I found the Waze wiki which allowed users to upload files :]

When I tried uploading a PHP file, the response was:

Files of the MIME type "application/x-php" are not allowed to be uploaded

Well, so the website is filtering file types by checking the MIME type. So there is no use in uploading arbitrary files by extension spoofing ... HMMMMMM

Then again, something struck my mind. What other MIME types are filtered??
So I tried uploading an SWF file. BINGOOOOO!!!!!

SWF files are not filtered >:)

So what bad can I do??

Aaahhaahhh, execute an XSS with a vulnerable SWF file ;-)

Aweee yeahhh!!

Now they have fixed the bug :)

And they sent a $100 reward for this :D, and my name will be listed in their reward hall of fame :)

Shashank (@cyberboyIndia)
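
Added example (not part of the original post, and not Waze's actual filter or fix): a content-sniffing upload check showing why a MIME denylist that blocks "application/x-php" still accepts SWF, while an allowlist rejects it. The function names, the list contents and the sample bytes are assumptions constructed for illustration.

```python
# Denylist vs. allowlist upload validation, sniffing the file's leading bytes.
# All names and sample inputs here are hypothetical / constructed.

# Magic-byte prefixes mapped to MIME types. SWF has three container variants.
SIGNATURES = [
    (b"<?php", "application/x-php"),
    (b"FWS", "application/x-shockwave-flash"),   # uncompressed SWF
    (b"CWS", "application/x-shockwave-flash"),   # zlib-compressed SWF
    (b"ZWS", "application/x-shockwave-flash"),   # LZMA-compressed SWF
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
]

# Assumed denylist: blocks only what the operator thought of in advance.
DENYLIST = {"application/x-php"}
# Assumed allowlist for a wiki that only needs images.
ALLOWLIST = {"image/png", "image/jpeg"}

# Constructed sample uploads; only the first bytes matter for sniffing.
SAMPLES = {
    "shell.php": b"<?php echo 1; ?>",
    "movie.swf": b"CWS\x0a" + b"\x00" * 16,
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "blob.bin": b"\x01\x02\x03\x04",
}

def sniff_mime(data: bytes) -> str:
    """Return a MIME type based on content, never on the file name."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"

def denylist_accepts(data: bytes) -> bool:
    """Accept anything whose sniffed type is not explicitly blocked."""
    return sniff_mime(data) not in DENYLIST

def allowlist_accepts(data: bytes) -> bool:
    """Accept only types that are explicitly permitted."""
    return sniff_mime(data) in ALLOWLIST

def compare(samples: dict) -> dict:
    """Map each file name to (denylist verdict, allowlist verdict)."""
    return {n: (denylist_accepts(d), allowlist_accepts(d))
            for n, d in samples.items()}

if __name__ == "__main__":
    for name, (deny_ok, allow_ok) in compare(SAMPLES).items():
        print(f"{name:10} denylist={deny_ok!s:5} allowlist={allow_ok}")
```

Serving accepted uploads from a separate origin with `Content-Disposition: attachment` further limits what any active content that slips through can do.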
