Anything u learned from the Blog just for research and educational purposes only Do not use the knowledge for illegal things.
[Risk Factors]
A local file upload vulnerability where an application fails to verify the contents of an uploaded file, allows an attacker to upload a malicious file to the web server or application.
File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size.
[Website Information]
Able to register as normal user.
[Vulnerability to reproduce]
1 |
Vulnerable : https://******.MOE.GOV.MY |
This allows attackers to upload malicious files to the web server, which can then be executed by other users or the server itself.
and Unfortunately, I'm able to Bypass the File Upload Enter into thier server and check to take over more than 197 subdomain MOE.GOV.MY
197 MOE.GOV.MY subdomain
MOE.GOV.MY subdomain take over checked
For POC send reported xD
[DISCLAIMER]
This issue has been reported to Cyber999 Team the bug had already been fixed..
Sorry about my english, is so bad😅
If you have any questions or suggestions, make sure to hit me in any of these mediums or the comments.
Thanks for reading.