zendesk, allows any arbitrary file to uploaded. This highly makes application vulnerable to several type of attacks. I found that by domain/application is vulnerable because it allows all type file to be uploaded while creating a ticket. As you can see in attached image, I've uploaded firefox installer.exe.
As an impact, attacker can exploit this vulnerability in many ways to perform malicious activity. Attacker can create a ticket and upload malware(virus, worm, ransomware etc.). Later, when the ticket is handled by support person, he/she will check the ticket and open the file. This file can be installed in the system and perform many malicious activities. It can compromise the system, and/or entire network depend on the malware.
Ideally as a solution, only limited set/type of files should be allowed for upload such as jpg, png, .txt etc. Kindly let me know your feedback on this, and if this falls in your scope.
Security is not a choice any more and this should be implemented/fixed ASAP.
Please sign in to leave a comment.