After thoroughly inspecting and exploring the website, I found the function responsible for changing the profile picture. This is one of my favorite functions because it can lead to the discovery of multiple vulnerabilities.
The first thing I attempted was uploading a shell.php file instead of a profile picture. However, I was unable to obtain a shell despite trying again and using every bypass technique I knew. In the end, I couldn’t succeed.
At that point, I didn’t give up. I took a few hours to rest due to my continuous efforts to get the shell.
Later, I tried uploading an image in SVG format, which was accepted by the website. This led me to consider four potential vulnerabilities: XXE, Stored XSS, SSRF, and Open Redirect.
I first attempted to find an XXE vulnerability but, unfortunately, I could not exploit it.
Then I focused on finding a Stored XSS vulnerability and was successful. You can find the report in my profile. :)
Next, I searched for an SSRF vulnerability and was also successful in finding it. You can find the report in my profile. :)
Steps to find the vulnerability:
I uploaded an SVG image, intercepted the request, injected my payload,
<svg onload="window.location='http://0vwsb0oeappr3l1za7as1agllcr3fy3n.oastify.com/'" xmlns="http://www.w3.org/2000/svg"></svg>
and completed the image upload process. Then I opened the image I had uploaded in a new tab.
And BOOOOOOOOOOOOOOOOOOM!
I successfully triggered Open Redirect.
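On the defensive side, an upload handler can refuse a file like this before it is stored. The check below is an added example, not code from this write-up or from the affected site: it rejects SVGs that carry DTDs, event-handler attributes, elements outside an allowlist, or external references. The allowlist, the function names and the two sample files are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: avatars only need static drawing elements, so everything else is refused.
ALLOWED_ELEMENTS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                    "polyline", "polygon", "title", "desc", "defs",
                    "linearGradient", "radialGradient", "stop"}
URL_ATTRS = {"href", "src"}

# Constructed samples: same shape as the payload in the write-up, placeholder host.
REDIRECT_SVG = (b'<svg onload="window.location=\'http://redirect.example/\'" '
                b'xmlns="http://www.w3.org/2000/svg"></svg>')
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]


def check_svg(data: bytes) -> list:
    """Return the reasons to reject an uploaded SVG; an empty list means accept."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return ["not valid UTF-8"]
    # Refuse DTDs before parsing: they are the vehicle for XXE and entity expansion.
    if "<!doctype" in text.lower() or "<!entity" in text.lower():
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    if local(root.tag) != "svg":
        return ["root element is not <svg>"]
    reasons = []
    for el in root.iter():
        tag = local(el.tag)
        if tag not in ALLOWED_ELEMENTS:
            reasons.append(f"element <{tag}> not allowed")
        for name, value in el.attrib.items():
            attr = local(name).lower()
            if attr.startswith("on"):  # onload, onclick, onerror, ...
                reasons.append(f"event handler attribute '{attr}' on <{tag}>")
            elif attr in URL_ATTRS and not value.strip().startswith("#"):
                reasons.append(f"external reference in '{attr}' on <{tag}>")
    return reasons
```

Upload-time validation complements, rather than replaces, serving user files from a separate origin or with `Content-Disposition: attachment`, so that a construct the check misses cannot run in the site's own origin.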