
Small Security Issue

Bleistivt Moderator
edited August 2014 in Feedback

This plugin doesn't check whether the user is logged in, allowing anybody who has the URL to upload an image.

While this won't lead to a compromise of Vanilla (and uploads with this plugin are anonymous anyway), I think only users that are logged in should be able to upload.

To fix it change this:

public function PostController_Imageupload_create()
{
    // Only a logged-in user may reach the upload handling below;
    // a guest gets an empty response instead of a stored file.
    $Session = Gdn::Session();
    if (!$Session->IsValid())
        return;
    // ... rest of the existing upload handler unchanged ...
}
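
For readers who want to see the check in context, here is a complete handler, written as an added example and not taken from the plugin or from Vanilla itself. It shows the guest check from the post above, and also why the endpoint is reachable without ever opening the posting form: the magic method name alone registers the /post/imageupload URL on the PostController. Beyond the session check it adds a transient-key (CSRF) check and server-side image validation, which the post does not ask for. Assumptions: the class name ImageUploadPlugin, the form field name "Image", the upload folder name "imageupload", and the Vanilla 2.1-era core API names used here (Gdn::Session(), IsValid(), ValidateTransientKey(), Gdn::Request(), Gdn_UploadImage, PermissionException(), SetJson()) are taken from memory of that release and should be checked against the version actually installed.

```php
<?php
/**
 * Added example, not the plugin's own code: a hardened /post/imageupload
 * endpoint for a Vanilla 2.x plugin. Names marked "assumed" are placeholders
 * or API names that should be verified against the installed Vanilla version.
 */
class ImageUploadPlugin extends Gdn_Plugin {   // assumed class name

    // Magic method: PostController_Imageupload_create() registers the URL
    // /post/imageupload on the PostController. Any client that can reach the
    // forum can request it; the posting form is never involved.
    public function PostController_Imageupload_create($Sender) {
        $Session = Gdn::Session();

        // 1. Reject guests before anything touches the filesystem.
        //    This is the check the post above adds.
        if (!$Session->IsValid()) {
            throw PermissionException('Garden.SignIn.Allow');   // assumed helper
        }

        // 2. Accept POST only, and require the session's transient key so a
        //    logged-in user cannot be made to upload through a cross-site form.
        //    (Assumed: the client sends the key in a "TransientKey" field.)
        $Request = Gdn::Request();
        if (!$Request->IsPostBack()
            || !$Session->ValidateTransientKey($Request->Post('TransientKey'))) {
            throw PermissionException();
        }

        // 3. Validate the upload (size limit, PHP upload error) and confirm
        //    that the bytes really are an image, using the image header rather
        //    than the client-supplied filename or Content-Type.
        $Upload = new Gdn_UploadImage();
        $TmpName = $Upload->ValidateUpload('Image');   // assumed field name; throws on failure
        $Info = @getimagesize($TmpName);
        $Allowed = array(
            IMAGETYPE_GIF  => 'gif',
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG  => 'png',
        );
        if ($Info === false || !isset($Allowed[$Info[2]])) {
            throw new Gdn_UserException(T('The file is not a supported image.'));
        }

        // 4. Never trust the client's filename: build the target name on the
        //    server, with the extension derived from the detected image type,
        //    under a fixed folder inside PATH_UPLOADS.
        $Target = $Upload->GenerateTargetName(
            PATH_UPLOADS.'/imageupload',   // assumed folder name
            $Allowed[$Info[2]]
        );
        $Parsed = $Upload->SaveImageAs($TmpName, $Target);

        // Uploads are no longer anonymous: the session identifies the uploader,
        // so $Session->UserID can be recorded next to $Parsed['SaveName'].
        $Sender->SetJson('Url', Gdn_Upload::Url($Parsed['SaveName']));
        $Sender->Render('Blank', 'Utility', 'Dashboard');
    }
}
```

Without the session check, a plain `curl -F Image=@file.png https://forum.example/post/imageupload` with no cookies succeeds; with it, the same request fails at step 1 before any file is written, and a request from a logged-in browser that carries no transient key fails at step 2.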

Comments

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @Bleistivt

    But if guests can't post, how can they exploit this?

  • Linc Detroit Admin

    @whu606 That endpoint is separate from the posting mechanism. You don't need to be creating a post to upload a file to the server.

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP
    edited August 2014

    Ah!

    I bow to your wisdom, o code Yoda

  • Linc Detroit Admin

    Everything's coming up Millhouse.
