Very damn vulnerable government site 2.0

4 months ago 28

Bl4cksku11

Disclaimer: The content shared herein is intended solely for educational
purposes, offensive security research, and hacking investigations. Any
unauthorized or illegal use of the information provided is strongly
discouraged.

What’s up hackers!!

A few days ago I was wandering around Shodan and found a government site that, in my opinion, is a very important government institution. Doing some recursive fuzzing I found that this site has an endpoint which appears to be a web page image file manager.

Guess what?

Yep! No password, auth, however you want to call it, to access this image file manager.

At the top you can see some functionalities (Upload, Refresh, Settings, etc.). Well, I decided to create an image and upload it to the server, just to see if I was able to do it.

Image created (damn.png)
Image uploaded

Image uploaded successfully, no restrictions, no auth, no errors, no nothing.

Nice!

A malicious hacker can go to any section and look for which route an image points to. Knowing what the path is, he can go to the image file manager, search for the path, replace the image with his image, and success!

Reflected image.

Cybersecurity is a critical component in the functioning of government institutions. These entities handle massive amounts of confidential and sensitive information, ranging from citizens’ personal data to national security information. Protecting this data from unauthorized access, manipulation, and cyber-attacks is essential to maintaining public trust, the integrity of government services, and national stability.

Security vulnerabilities, such as the lack of authentication in critical systems, can have devastating consequences. In the scenario described, the absence of an authentication system in an image file manager of a government website presents several serious risks:

Website Defacement: An attacker can replace legitimate images with malicious or defacing content, affecting the reputation and credibility of the institution.

Malware Distribution: Uploaded images or files could contain malicious code that could compromise the systems of the website’s visitors.

Unauthorized Access to Information: An attacker might explore further vulnerabilities within the same system, gaining access to confidential information stored on the server.

Service Disruption: The integrity and availability of the website and related services could be compromised, leading to a loss of functionality and public trust.
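The controls that were missing in the scenario above (no authentication, no restrictions on the uploaded file, and an existing image replaceable by its path), sketched as a server-side upload gate. This is an added example, not code from the original post or from the affected site; the signed-token session scheme, the names `issue_session`, `authenticated_user` and `store_upload`, and the 2 MiB limit are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Assumption: sessions are "user.hexmac" tokens signed with a server-side key.
SESSION_KEY = secrets.token_bytes(32)
# Magic bytes of the only formats the file manager accepts.
MAGIC = {b"\x89PNG\r\n\x1a\n": ".png", b"\xff\xd8\xff": ".jpg", b"GIF89a": ".gif"}
MAX_BYTES = 2 * 1024 * 1024  # illustrative size limit


class UploadRejected(Exception):
    """Raised when a request fails any of the upload checks."""


def issue_session(user: str) -> str:
    """Hypothetical result of a successful login."""
    mac = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def authenticated_user(token):
    """Return the user name for a valid token, else None."""
    user, _, mac = (token or "").rpartition(".")
    expected = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if user and ok else None


def store_upload(token, data: bytes, root: str) -> str:
    """Gate an upload: authentication, then content checks, then a fresh name."""
    if authenticated_user(token) is None:
        raise UploadRejected("authentication required")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Header check only: the claimed extension and Content-Type are ignored.
    ext = next((e for m, e in MAGIC.items() if data.startswith(m)), None)
    if ext is None:
        raise UploadRejected("not an accepted image type")
    # The server chooses the name, so the client never selects the destination
    # path and an image already referenced by a page cannot be replaced.
    path = os.path.join(root, secrets.token_hex(16) + ext)
    with open(path, "xb") as fh:  # "x" fails instead of overwriting
        fh.write(data)
    return path
```

Replacing a published image then becomes a separate, authenticated and logged action rather than a side effect of an upload.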