
EXIF metadata not stripped from profile pic after uploading.



Description:
 
Vulnerability Description: When an image is taken using a smartphone or camera, certain metadata fields are often attached to it. These fields could include the model of the camera, the time it was taken, whether the flash was used, the shutter speed, focal length, light value and even the location. In Inturn, while uploading the image as a profile picture, the EXIF data is not stripped from images. The EXIF data in images contains sensitive data like geolocation, latitude, longitude, device name, device brand, etc. Also it contains the camera information and other details.

Vulnerable URL: https://www.fiverr.com/

Tools Used: exiftool.

Impact

EXIF metadata contains sensitive information like users' geolocation data and device details, which leads to information disclosure.
1) By this the attacker tracks your location and uses it for personal things.
2) Sensitive data exposed.
 
 