Complete Web Server Access

Saad Ahmed
Jun 15, 2019 · 2 min read

Hi guy I am back with another POC that I found in PRIVATE program on bugcrowd let get started. So let assume the SITE name I was testing the main website and after crawling I come to know that the server is WINDOWS

I didn’t find any thing on the main website so started to find It’s subdomains after spending alot of time i found a interesting I created a account on it there is only one functionality that you can report some issue you faced in the website

I was testing the browser functionality where you can upload only IMG files. The website only accepting only IMG files & then I see the source

var allowedImageExtensionList=[“.bmp”, “.gif”, “.jpeg”, “.jpg”, “.png”]

This is JS client side validation so Iused FIREFOX extension using that I turn of the JS. Since this is a WINDOWS server i upload .ASPX shell and get access to website after getting access to the website I saw that I have ROOT access & able to control all the website on that server. But I found few different websites on that server & I am confused I dont know why.

So I made a quick report the reported that issue to the team & got this response which clear my confusion :D

Image for post
Image for post

I hope you guys like it please comment below if you want to give suggestion

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store