You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When a user uploads an image in "SLiMS 9 Bulian official source code", the uploaded image’s EXIF Geolocation Data does not gets stripped. As a result, anyone can get sensitive information of "SLiMS 9 Bulian official source code" users like their Geolocation, their Device information like Device Name, Version, Software & Software version used etc.
There are lot of images having resolutions (i.e 1280 * 720 ) , and also whith different MB’s .
login your admin panel and membership menu and upload photo in any member profile.
see the path of uploaded image ( Either by right click on image then copy image address OR right click, inspect the image, the URL will come in the inspect , edit it as html )
See whether is that still showing exif data , if it is then Report it.
Proof Of Concept:
You can see the Proof of Concept. which I've attached screenshots and video to confirm the vulnerability.
Screenshots
Video
video.mp4
Desktop (please complete the following information):
OS: Windows 10
Browser: Google Chrome
Impact
This vulnerability is CRITICAL and impacts all the "SLiMS 9 Bulian official source code" customer base. This vulnerability violates the privacy of a User and shares sensitive information of the user who uploads an image on SLiMS 9 Bulian official.
Describe the bug
When a user uploads an image in "SLiMS 9 Bulian official source code", the uploaded image’s EXIF Geolocation Data does not gets stripped. As a result, anyone can get sensitive information of "SLiMS 9 Bulian official source code" users like their Geolocation, their Device information like Device Name, Version, Software & Software version used etc.
CMS Version:
v9.5.2
Affected URL:
http://127.0.0.1/bulian/admin/index.php?mod=membership
To Reproduce
Steps to reproduce the behavior:
login your admin panel and membership menu and upload photo in any member profile.
Proof Of Concept:
You can see the Proof of Concept. which I've attached screenshots and video to confirm the vulnerability.
Screenshots
![screenshot1](https://user-images.githubusercontent.com/41516016/229643111-faa0574b-9aa0-4b03-a0d0-da0f7f18e3a1.png)
![screenshot2](https://user-images.githubusercontent.com/41516016/229643122-6698a566-4d72-4b66-b5c5-ede2aedf76d4.png)
![screenshot_2](https://user-images.githubusercontent.com/41516016/229643136-7eefeefc-0bb8-4797-9a2a-5a707157152b.png)
![screenshot3](https://user-images.githubusercontent.com/41516016/229643152-df7cbe53-8070-4735-ba9e-3707f6b3f5a2.png)
Video
video.mp4
Desktop (please complete the following information):
Impact
This vulnerability is CRITICAL and impacts all the "SLiMS 9 Bulian official source code" customer base. This vulnerability violates the privacy of a User and shares sensitive information of the user who uploads an image on SLiMS 9 Bulian official.
Let me know if any further info is required.
Thanks & Regards
Rahad Chowdhury
Cyber Security Specialist
https://www.linkedin.com/in/rahadchowdhury
The text was updated successfully, but these errors were encountered: