Security - Arbitrary Change Profile Picture #1131
Comments
|
I will check, thank you! |
|
Fixed, thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe
This vulnerability allows authenticated users to change other user's profile pictures.
Steps to reproduce the vulnerability
Moreover, we can access directly to Profile Pictures like this
http://site-name/bludit/bl-content/uploads/profiles/[username].png
From a HTTP Request to perform to change a user picture.
We could change the username to another username.
As a result, we could change to the profile picture of another user.
Login with Administrator to verify the change via username “admin” and found a profile picture has changed.
In addition, we could arbitrarily create a picture (png) to other directories.
Comments
The vulnerability doesn't validate an authorization before the upload process. Moreover, it could be pulled username from trusted source
Bludit version
Affected in Bludit v3.10.0
PHP version
PHP Version 7.1.33
The text was updated successfully, but these errors were encountered: