Waze Arbitrary File Upload

Waze is one of the world’s largest community based traffic and navigation app which was acquired by Google June 11, 2013 . And Google opens up responsible disclosure for their acquired websites . So I thought of trying my hands over it.

While I was scrolling around the pages I found the waze wiki which allowed users to upload files :]

When I tried uploading a PHP file, the response was

Files of the MIME type “application/x-php” are not allowed to be uploaded

Well so the website is filtering files type by checking the MIME type . So no use of uploading arbitrary files by extension spoofing … HMMMMMM
Then again something stroke my mind . What  more MIME types are filtered??
So I tried uploading a SWF file. BINGOOOOO!!!!!
Swf files are not filtered >:)

So what bad I can do ??

Aaahhaahhh execute an Xss with a vulnerable swf file 😉
Aweee yeahhh

Now they have fixed the bug 🙂

And they sent a 100$ reward for this 😀 and my name will be listed in their reward hall of fame 🙂

http://www.google.co.in/about/appsecurity/hall-of-fame/reward/