The FCC was, unintentionally, letting users upload any file to their website and making that file publicly accessible through their domain due to an API slip-up: the first item submitted was a letter on official FCC letterhead apologizing for Ajit Pai being “such a filthy spineless cuck.”
People seem to be experimenting with different filetypes. So far, they have tried PDF/GIF/ELF/EXE/MP4 files up to 25MB in size, which means you could easily host malware on the FCC.gov website right now and use it in phishing campaigns that link to malware on a .gov website. People have discovered that you can upload video and play it back using an FCC.gov link, though some have been having trouble uploading, while others playing with the vulnerability are clearly not.