How I found Bug in SABAH.GOV.MY [Arbitrary File Upload] | Ungku Nazmi

Reporting How I found Bug in SABAH.GOV.MY [Arbitrary File Upload]

Published on | Classified in | heat

Be yourself use your brain

Anything u learned from the Blog just for research and educational purposes only Do not use the knowledge for illegal things.

[Risk Factors]

An arbitrary file upload vulnerability is a type of security flaw that allows an attacker to upload malicious files onto a server. This can be done by exploiting a vulnerability in a web application that doesn't properly validate the file type or by tricking the user into uploading a malicious file.

File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size.

[Website Information]

Able to register as normal user.

[Vulnerability to reproduce]

1

2

3

4

5

6
 
Vulnerable : https://***********.SABAH.GOV.MY

Vulnerable : https://*******.SABAH.GOV.MY

Vulnerable : http://*******.****.SABAH.GOV.MY

Vulnerable : https://******.SABAH.GOV.MY

Register And Upload File Bypass...

Successfully Shelled...

This allows attackers to upload malicious files to the web server, which can then be executed by other users or the server itself.

and Unfortunately, I'm able to Bypass the File Upload Enter into thier server

[DISCLAIMER]

This issue has been reported to Cyber999 Team the bug had already been fixed..


Sorry about my english, is so bad😅
If you have any questions or suggestions, make sure to hit me in any of these mediums or the comments.


Thanks for reading.