Karelke
Well-known member
- Affected version
- 2.1.7
We performed a security audit and the following issue was discovered:
Log in and start a conversation with someone. Attach a picture to the message and you will be taken to the attachment management page.
In my case, /forum/attachments/upload?type=conversation_message&context[conversation_idapter=99999&hash=22c9fb5fdee39334b4459110036e72fb
You will have another hash in the link.
Now open the downloaded image in a new tab.
In my case /forum/attachments/file-png.4444/?hash=22c9fb5fdee39334b4459110036e72fb
Now just change the number after the dot in the link to view other images that you should not see.
Examples:
/forum/attachments/random-file-1-jpg.4441/?hash=22c9fb5fdee39334b4459110036e72fb
/forum/attachments/random-file-2-png.4442/?hash=22c9fb5fdee39334b4459110036e72fb
/forum/attachments/random-file-3-png.4443/?hash=22c9fb5fdee39334b4459110036e72fb
etc
[/QUOTE]