Flowdock XSS or RCE(malicious file upload)

One day I accidentally uploaded a .pdf filetype on https://www.flowdock.com/oauth/applications page. it was successfully uploaded. So I tried to upload some arbitrary filetype, But flowdock rejected it. Flowdock backlisted all arbitrary content-type such as text/HTML, application/x-asp, application/x-perl. … etc.. and flowdock also checked the signature of a file that used to identify if the file is a real image or not.

Error message when I tried to upload a shell!

ohh

If we want to upload our shell or HTML-XSS PoC, we need to upload a real image that contains our XSS/RCE payload. I changed the EXIF header of the image and upload the file.

ohh

RESULT:

ohh

ohh

YEHH!