Small Security Issue
This plugin doesn't check whether the user is logged in, allowing anybody who has the URL to upload an image.
While this won't lead to a compromise of Vanilla (and uploads with this plugin are anonymous anyway), I think only users that are logged in should be able to upload.
To fix it, change this:

    public function PostController_Imageupload_create() {
        $Session = Gdn::Session();
        if (!$Session->IsValid()) return;
        // ... existing upload handling continues unchanged ...
    }
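Added here as an illustration (not code from the plugin or from anyone in the thread): the handler in its unauthenticated form beside a hardened one that, on top of the session check above, also verifies permission, Vanilla's transient key and the file's real type. The Vanilla 2.x API names, the form field name 'Image' and the storeImage() helper are assumptions.

```php
<?php
// Added illustration (not the plugin's own code): the unauthenticated
// upload handler from the thread beside a hardened version. The Vanilla
// API names used here (Gdn::Session(), IsValid(), CheckPermission(),
// ValidateTransientKey(), Gdn::Request()->Post(), PermissionException(),
// Gdn_UserException) are assumed to match Vanilla 2.x; the form field
// 'Image' and storeImage() are placeholders for the plugin's own handling.

class ImageUploadPlugin extends Gdn_Plugin {

    // Before: anyone who knows the /post/imageupload URL can upload.
    public function PostController_Imageupload_Create_Before($Sender) {
        $this->storeImage($_FILES['Image']);
    }

    // After: signed-in user, with permission, posting with a valid
    // transient key (Vanilla's CSRF token), and only a real image file.
    public function PostController_Imageupload_Create($Sender) {
        $Session = Gdn::Session();
        if (!$Session->IsValid()) {
            throw PermissionException();          // guest: no session at all
        }
        if (!$Session->CheckPermission('Garden.SignIn.Allow')) {
            throw PermissionException();          // e.g. banned account
        }
        // Reject cross-site POSTs: the key is only known to the user's own pages.
        if (!$Session->ValidateTransientKey(Gdn::Request()->Post('TransientKey'))) {
            throw PermissionException();
        }
        if (!isset($_FILES['Image']) || $_FILES['Image']['error'] !== UPLOAD_ERR_OK) {
            throw new Gdn_UserException('No image uploaded.');
        }
        // Trust the bytes, not the client-supplied name or Content-Type.
        $Finfo   = new finfo(FILEINFO_MIME_TYPE);
        $Mime    = $Finfo->file($_FILES['Image']['tmp_name']);
        $Allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
        if (!isset($Allowed[$Mime])) {
            throw new Gdn_UserException('Only PNG, JPEG and GIF images are accepted.');
        }
        // Server-chosen name and extension, so the client never picks the path.
        $Name = bin2hex(random_bytes(16)) . '.' . $Allowed[$Mime];
        $this->storeImage($_FILES['Image'], $Name);
    }

    private function storeImage(array $File, $Name = null) {
        // Placeholder for the plugin's existing save-to-uploads logic.
    }
}
```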
6 Comments
@Bleistivt But if guests can't post, how can they exploit this?
@whu606 That endpoint is separate from the posting mechanism. You don't need to be creating a post to upload a file to the server.
Ah!
I bow to your wisdom, o code Yoda
Everything's coming up Millhouse.