Website Information

https://k***********.JHEV.GOV.MY/k***********/
The "unrestricted file upload" term is used in vulnerability databases and elsewhere, but it is insufficiently precise. The phrase could be interpreted as the lack of restrictions on the size or number of uploaded files, which is a resource consumption issue.
Bypass
As mentioned above, the site is a subdomain of JHEV.GOV.MY, and I was able to access the web application (it was public), which led to injection vulnerabilities. The process was as follows:
Access Web

Access : https://k***********.JHEV.GOV.MY/k***********/
Register And Upload Files (Shell)

https://k***********.JHEV.GOV.MY/k***********/********02.asp
Shell Upload Success

Success Upload : https://*****.jhev.gov.my/*******/admin/web/shared/550307048956-DP-config.***?path=E:\******\
CWE-434: Unrestricted Upload of File with Dangerous Type

I was able to view the whole file system on the server.
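The root cause of a CWE-434 finding like the one above is an upload handler that decides "is this an image?" from data the client controls. The following is an added example, not code from the original post or from the affected site (the page shows no server-side code): a typical weak check placed next to a hardened validator, with the classic bypass names (`shell.jpg.asp`, `shell.asp;.jpg`, `shell.php%00.jpg`, `shell.asp.jpg`) run through both. The directory `/var/app-data/uploads` and the sample PNG bytes are assumptions constructed for the example.

```python
import os
import posixpath
import secrets

# Allowlist: the only extensions accepted, and the magic bytes each must begin with.
ALLOWED_TYPES = {
    ".jpg":  (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png":  (b"\x89PNG\r\n\x1a\n",),
    ".gif":  (b"GIF87a", b"GIF89a"),
    ".pdf":  (b"%PDF-",),
}

# Server-side script extensions that must not appear anywhere in a name, even
# as an inner segment (shell.asp.jpg): some handler mappings look at more than
# the final extension.
SCRIPT_EXTENSIONS = {"asp", "aspx", "asa", "ashx", "asmx", "cer", "php", "phtml",
                     "jsp", "jspx", "cgi", "pl", "py", "sh", "config", "htaccess"}

# Assumption for this example: a directory the web server never serves from.
# Files are handed out by a download handler with a fixed Content-Type,
# never fetched by direct URL, so nothing stored here can be executed.
UPLOAD_ROOT = "/var/app-data/uploads"


def weak_validate(filename, declared_content_type):
    """A typical insufficient check (constructed for illustration, not the
    target's code): trust the client's Content-Type header and look for an
    image extension *anywhere* in the name."""
    name = filename.lower()
    return declared_content_type.startswith("image/") and (
        ".jpg" in name or ".jpeg" in name or ".png" in name
    )


def validate_upload(filename, content, declared_content_type=None):
    """Return (True, storage_path) or (False, reason).

    declared_content_type is accepted for interface compatibility but never
    consulted: it is attacker-controlled, so the decision rests on the name
    and the bytes alone.
    """
    # 1. Keep only the final path component; reject NUL and the ';' / '%00'
    #    tricks that made old IIS and PHP stacks stop parsing the name early.
    base = posixpath.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base or ";" in base or "%00" in base.lower():
        return False, "filename contains illegal characters"

    # 2. Only the last extension counts, compared case-insensitively,
    #    and it must be on the allowlist.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext!r} is not allowed"

    # 3. No script extension hidden in an inner segment (shell.asp.jpg).
    inner = base.lower().split(".")[1:-1]
    if any(seg in SCRIPT_EXTENSIONS for seg in inner):
        return False, "script extension embedded in filename"

    # 4. The bytes must actually carry the signature of the claimed type.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not match {ext} signature"

    # 5. Never reuse the client's name: a random server-chosen name removes
    #    path tricks and makes the stored file unguessable.
    stored = secrets.token_hex(16) + ext
    return True, os.path.join(UPLOAD_ROOT, stored)


if __name__ == "__main__":
    PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample, not a real image
    for name, body in [("shell.jpg.asp", b"<% eval request(\"c\") %>"),
                       ("shell.asp;.jpg", PNG),
                       ("shell.php%00.jpg", PNG),
                       ("shell.asp.jpg", b"\xff\xd8\xff" + b"\x00" * 8),
                       ("photo.PNG", PNG)]:
        print(f"{name:20} weak={weak_validate(name, 'image/jpeg')!s:5} "
              f"strict={validate_upload(name, body)}")
```

The weak check passes every bypass name because the attacker chooses both the header and the substring it searches for; the hardened version only ever looks at the last extension, verifies the bytes, and stores under a name the attacker never sees. Scanning image bytes for `<%` is deliberately left out: short markers occur by chance in any large binary and would reject legitimate photos, so serving uploads from outside the executable path is the control that actually neutralises a polyglot.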
Bug Reported
The bug has already been fixed after my report (CWE-434).
Sorry about my English, it is so bad😅
If you have any questions or suggestions, make sure to hit me up on any of these mediums or in the comments.
Thanks for reading.