Upload Image Remotely from Rest API using JWT Authorization INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE

Trying to upload images into my media gallery programatically from my local machine to webserver.

Using this function here to get the JWT token along with the
WordPress REST API Authentication plugin to initialize JWT:

function get_jwt_token_wp(): ?string {     $  request_url = 'https://example.com/wp-json/api/v1/token';      $  api = curl_init();      $  username = 'admin';     $  password = 'password';     //set the url, POST data     curl_setopt( $  api, CURLOPT_URL, $  request_url );     curl_setopt( $  api, CURLOPT_POST, 1 );     curl_setopt( $  api, CURLOPT_POSTFIELDS, "username=$  username&password=$  password" );     curl_setopt( $  api, CURLOPT_VERBOSE, 1);     curl_setopt( $  api, CURLOPT_RETURNTRANSFER, 1 );      $  server_output = curl_exec ($  api);     printr(curl_getinfo($  api));     if ($  server_output === false) {         die('Error getting JWT token on WordPress for API integration.');     }     $  server_output = json_decode($  server_output);      if ($  server_output === null && json_last_error() !== JSON_ERROR_NONE) {         die('Invalid response getting JWT token on WordPress for API integration.');     }      if (!empty($  server_output->jwt_token)) {         $  jwt_token = $  server_output->jwt_token;         curl_close ($  api);         return $  jwt_token;     } else {         die('Invalid response getting JWT token on WordPress for API integration.');     }     return null; } 

and this function to upload the image

function upload_image_wp( $  path ): array {     $  request_url = 'https://example.com/wp-json/wp/v2/media';      $  image = file_get_contents( $  path );     $  mime_type = mime_content_type( $  path );      $  api = curl_init();      $  username = 'admin';     $  password = 'password';      $  httpheader = array( 'Content-Type: ' . $  mime_type, 'Content-Disposition: attachment; filename="' . basename($  path) . '"', 'Authorization' => 'Bearer ' . WOO_JWT_KEY );      curl_setopt( $  api, CURLOPT_URL, $  request_url );     curl_setopt( $  api, CURLOPT_POST, 1 );     curl_setopt( $  api, CURLOPT_POSTFIELDS, $  image );     curl_setopt( $  api, CURLOPT_HTTPHEADER, $  httpheader );     curl_setopt( $  api, CURLOPT_VERBOSE, 1);     curl_setopt( $  api, CURLOPT_RETURNTRANSFER, 1 );     curl_setopt( $  api, CURLOPT_USERPWD, $  username . ':' . $  password );     $  result = curl_exec( $  api );     printr(curl_getinfo($  api));     curl_close( $  api );     return json_decode( $  result ); } 

with my headers looking something like this:

Array (     [0] => Content-Type: image/gif     [1] => Content-Disposition: attachment; filename="user_loggedin_avatar.gif"     [Authorization] => Bearer eyJhbGciOiJIU..................................... ) 

Is my format wrong? Am I doing something else wrong? I have never worked with JWT authentication before so this has all been new to me.

This is the error I am getting on the return of my call.

object(stdClass)[3]   public 'status' => string 'error' (length=5)   public 'error' => string 'INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE' (length=39)   public 'code' => string '401' (length=3)   public 'error_description' => string 'Authorization header must be type of Bearer Token.' (length=50) 

Unfortunately google isn’t showing much of anything regarding why this error pops up, so I am a bit stuck. Any help greatly appreciated!

Self-XSS From File Upload Name

I encountered this type of vulnerability a couple of times but weren’t able to fully exploit it, need help! This vulnerability is self-xss which is triggered from file names. E.g. If I were to upload a file named ‘[xss-payload].png’, it will be executed as javascript and the window will prompt ‘1’. But it only goes as far as that, the file name stored in the server is randomly generated, therefore this isn’t a stored xss. Is there anyway I could exploit this? The Javascript is executed when uploading the file only. I tried chaining with Clickjacking, but website doesn’t allow iframe. And from what I heard, CSRF is not possible since setting a ‘pre-filled’ file name is not possible when uploading a file. Any idea where I should go with this? Can I chain this with other vulnerabilities? Thank you all.

[XSS-Payload] = Any XSS payload as file name will be executed when uploading the file

E.g. File Name: <img src=x onerror=alert(1)>.png

File Upload Vulnerability SVG

I am currently doing a bug bounty program and was testing the company’s file upload functionality. After meddling with the functionality for a while, I was able to change the extension of the uploaded file to ‘.svg’ using burpsuite. I have read tons of article saying that .svg files is equal to XSS. In my case I was not able to fully upload svg file since the server is checking the content of the file. I have change the ‘Content-Type’ to image/svg and the file is uploaded, but when I change the content of the file with XML Tags, the server denied my upload. I found out that in order for the file to be uploaded successful, the beginning of the content type should be ‘…JFIF’ which is a metadata to describe that the content is JPEG/PNG and is interchangable. I have tried appending the SVG XML tag after the metadata and has successfully uploaded it to the server, but when the image is opened, a square image appeared and my XML tags are not being executed.

Is there any way I could bypass this image content to be able to execute XML? Is there any metada for SVG perhaps?

How do I upload movies for free to my website for watching movies and TV shows? [closed]

So, I want to make my own website for watching movies and TV shows but not in English but in my native language. So I was wondering is it legal to just upload videos from the openload server or some other server to my website without having to pay for an openload account or something or does openload just let me upload their videos for free. It might be a stupid question but I am really not familiar with this subject and if you have any tips for building my movie watching website what would be great. Thanks!!!

DVWA file upload background

I’ve just started in penetration testing with metasploitable and currently trying to learn file upload vulnerability present in DVWA module. I know that somehow upload is preventing files other than images to be uploaded but I don’t understand how. I tried to look page source of ‘upload file’ webpage but I don’t see any javascripts working there. Webpage only refers to a script which also doesn’t seem to have any filters for file being uploaded. Can someone please explain what exactly in the html or JavaScript of webpage is working as a filter?

Bulk upload images with custom URL

I am running a library system on WordPress. Right now, my book cover images are saved like this:
/wp-content/uploads/2020/06/[book_barcode].jpg

I want to change this to /wp-content/uploads/library/[book_barcode].jpg, but this would also be fine:
/wp-content/uploads/[book_barcode].jpg

I have a bunch of other images, so I can’t change the entire organization of my media folder. I will eventually have thousands of book cover images, so doing each one individually would be tedious. Is there any quick way to bulk upload?

Penetration testing: stuck with injecting upload form

I have to do an assignment for a penetration testing exam but i’m a little bit stuck.

Among all the vulnerabilities i have to inject an upload form but it behaves weird, if i upload a file (even an image or similar) it does not do anything so i can’t tell if the file has been uploaded or not, there is no error message , anything useful.

I have a LFI vulnearbility so i can check files in /var/www/html and get the source but i can’t find anything useful, basically i have only .php frontend files :\

What vulnerability can i expect? or are there any tests that i can do?

This is the post request of burp-suite when i upload: https://imgur.com/a/Z7zeFoQ

Thank you 🙂

How does sync.com provide “zero knowledge” for web application upload?

It is completely clear how desktop and mobile platforms for sync.com allow zero knowledge. However, it blows my mind when I try to understand how “ZERO KNOWLEDGE” could be theoretically possible when using a browser, i.e. web application upload.

So I login to sync.com with Chrome. Then I hit upload a file button, and a file from my PC is getting uploaded and encrypted on the fly by the browser? Then the browser must know my encryption key, i.e. my login password!!!!!!! Does this mean the browser (and the sync.com) is keeping my login credentials while I’m logged in? As far as I know the credentials should not be kept like this, the modern practice is JWT token or somethin……. Anyway… encription…. des a browser even have such a complicated encryption capability (comparable with the desktop app) …..or are my files being simply uploaded to the server and encrypted there????? But either way that would not be a zero knowledge