Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

EXIF Geolocation Data Not Stripped From Uploaded Images - User Enumeration

POC

  • Upload the image
  • Note the path of the uploaded image
  • Open it in an EXIF viewer (exif.regex.info/exif.cgi)
  • Check whether it still shows EXIF data

Impact

Low

Likelihood

Low