Disabling js for the win
, or how reading the HTML code with care led to RCE through file upload
JavaScript. Used practically everywhere, even in your washing machine (this is a joke, I think (: ). And if you really want to know how unavoidable it is, just turn off js globally, either with an extension or manually, and try using any of the popular websites — good luck with that :) I mean, I disabled js globally some time ago and only have the obvious websites whitelisted for it, which means that every now and again I land on a website that relies on js so heavily that it’s impossible to read its content without enabling it.

But that habit has also led me to access various admin panels without logging in, whenever the website relied on js to decide whether to redirect you to the login screen or to the admin panel (in most cases that is just access to the design/layout of the admin panel, without any functionality that needs authenticated access). This article, though, is about a recent bug hunting session where I found a functional file upload area that the devs had hidden instead of fully removing it or protecting it properly. It does require authenticated access, but even for an authenticated user the js code checks whether you’re on that page and, if so, for some reason the dev(s) decided to hide the file upload form. Why? Perhaps they knew a bug was present? Or was it meant to be under construction or in the middle of being patched?
Step 1 — Disable js