Complete Web Server Access

Saad Ahmed

Hi guy I am back with another POC that I found in PRIVATE program on bugcrowd let get started. So let assume the SITE name private.com I was testing the main website and after crawling I come to know that the server is WINDOWS

I didn’t find any thing on the main website so started to find It’s subdomains after spending alot of time i found a interesting helpdesk.private.com. I created a account on it there is only one functionality that you can report some issue you faced in the website

I was testing the browser functionality where you can upload only IMG files. The website only accepting only IMG files & then I see the source

var allowedImageExtensionList=[“.bmp”, “.gif”, “.jpeg”, “.jpg”, “.png”]

This is JS client side validation so Iused FIREFOX extension using that I turn of the JS. Since this is a WINDOWS server i upload .ASPX shell and get access to website after getting access to the website I saw that I have ROOT access & able to control all the website on that server. But I found few different websites on that server & I am confused I dont know why.

So I made a quick report the reported that issue to the team & got this response which clear my confusion :D

I hope you guys like it please comment below if you want to give suggestion
./LOGOUT

Saad Ahmed

Written by

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade