Description
Website backend file upload vulnerability: arbitrary file types can be stored on the hosting server
Severity level: low risk
Scope: any registered user can trigger this vulnerability
Vulnerability details
Personal information -> Avatar upload -> upload any picture and capture the request:

Modify the `cropped_b64` parameter to `data:<arbitrary file type>;base64,<file content encoded as base64>`. The upload succeeds, and viewing the page source in the browser afterwards reveals the path of the uploaded file.
Repair plan
- Verify that the declared type in `cropped_b64` is `data:image/jpeg`
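An added example of the server-side check the repair plan calls for; this is not code from the affected project. It assumes the avatar feature only needs JPEG and PNG, a 2 MiB size limit, and the constructed sample requests at the bottom, and it goes one step beyond the plan by also checking the decoded bytes' magic number, so a correct `data:image/jpeg` header on non-image content is still rejected and the stored extension is chosen by the server rather than taken from the request:

```python
import base64
import binascii
import re

# Allow-list of avatar types. Assumption: the site only needs JPEG and PNG avatars.
_DATA_URI = re.compile(r"\Adata:(image/(?:jpeg|png));base64,([A-Za-z0-9+/=]+)\Z")
# Magic bytes are checked against the *decoded* content, so relabelling a
# non-image as image/jpeg in the data URI header is not enough to get it stored.
_MAGIC = {"image/jpeg": b"\xff\xd8\xff", "image/png": b"\x89PNG\r\n\x1a\n"}
_EXT = {"image/jpeg": ".jpg", "image/png": ".png"}
MAX_BYTES = 2 * 1024 * 1024  # assumed avatar size limit


class InvalidAvatar(ValueError):
    """Raised when cropped_b64 is not an acceptable avatar image."""


def validate_cropped_b64(cropped_b64: str) -> tuple[bytes, str]:
    """Return (image_bytes, extension) for a valid cropped_b64, else raise.

    The extension comes from the verified content; nothing in the request
    names the file that ends up on disk.
    """
    m = _DATA_URI.match(cropped_b64.strip())
    if not m:  # rejects data:<arbitrary type>;base64,... and non-data-URI input
        raise InvalidAvatar("cropped_b64 must be a data:image/jpeg or data:image/png URI")
    mime, payload = m.group(1), m.group(2)
    try:
        data = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise InvalidAvatar("cropped_b64 is not valid base64") from exc
    if not data or len(data) > MAX_BYTES:
        raise InvalidAvatar("avatar is empty or too large")
    if not data.startswith(_MAGIC[mime]):
        raise InvalidAvatar("decoded content does not match the declared image type")
    return data, _EXT[mime]


def is_valid_cropped_b64(cropped_b64: str) -> bool:
    """Yes/no wrapper for request handlers."""
    try:
        validate_cropped_b64(cropped_b64)
        return True
    except InvalidAvatar:
        return False


# Constructed samples (not real uploads): a minimal JPEG header, a PNG header,
# the page's "arbitrary file type" case, and a non-image relabelled as JPEG.
GOOD_JPEG = "data:image/jpeg;base64," + base64.b64encode(b"\xff\xd8\xff\xe0" + b"\0" * 12).decode()
GOOD_PNG = "data:image/png;base64," + base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\0" * 8).decode()
WRONG_TYPE = "data:text/plain;base64," + base64.b64encode(b"not an image").decode()
RELABELLED = "data:image/jpeg;base64," + base64.b64encode(b"not an image").decode()
```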