How I Got $500 From Information Disclosure By Sending a Jpeg
The article describes vulnerability testing of a team collaboration platform. While testing file upload in the chat feature, the author found that by tampering with the file_url parameter in the upload request, sensitive user information such as IP address, OS version and city could be captured. The vulnerability could expose user privacy and threaten team security. 2025-09-06 05:52:51 Author: infosecwriteups.com

Target Overview

The target platform provides a team workspace where members collaborate by creating and managing tasks. In addition, the platform offers a built-in team chat feature that lets users communicate directly within the workspace.


The Discovery

During my testing I focused on the chat functionality, specifically the file upload feature, since it allows users to share images and documents with other team members.

While uploading an image I noticed that the request included a parameter called file_url. This parameter pointed to the location of the uploaded image. Naturally I wondered: what if I change this value to an external domain under my control? If the server stores the value without checking it and the chat later renders it as an image, every teammate's browser will fetch whatever URL was supplied.


Original Request

I first tried replacing the URL with one of my own collaboration servers, but it didn't receive any requests. To confirm the bug I then used an IP logger, which successfully captured the request.


Request After Change

I also checked the server response to confirm whether the request returned a 200 OK or a 400 Bad Request.


After forwarding the request, the image showed an error when the chat was opened.

Then I switched to the victim account, opened the chat, and went back to the IP logger. Then BOOM:


I clicked on "More Info" to see more details about the victim.
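What an IP-logger style endpoint actually extracts from the victim's image request, shown as an added example that is not part of the original write-up or the logging service the author used. The raw request, hostnames and addresses are constructed sample data; the OS labels come from a small User-Agent pattern table of my own. The "city" shown by the logger comes from a GeoIP lookup on the captured address, which this offline example leaves out.

```python
import re
from ipaddress import ip_address

# Constructed sample of the raw HTTP request a logging endpoint receives when
# the victim's browser renders the tampered file_url. Hostnames and addresses
# are documentation values, not a real capture.
SAMPLE_REQUEST = (
    "GET /pixel/3f9c.jpg HTTP/1.1\r\n"
    "Host: logger.attacker.example\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36\r\n"
    "Accept: image/avif,image/webp,image/png,*/*;q=0.8\r\n"
    "Referer: https://workspace.example/team/42/chat\r\n"
    "X-Forwarded-For: 203.0.113.7, 198.51.100.9\r\n"
    "\r\n"
)

# Coarse OS fingerprints derived from User-Agent strings, checked in order
# (Android before the generic Linux match, iPhone before the macOS match).
OS_PATTERNS = [
    (r"Windows NT 10\.0", "Windows 10/11"),
    (r"Windows NT 6\.1", "Windows 7"),
    (r"Android (\d+)", "Android {0}"),
    (r"iPhone OS (\d+)_(\d+)", "iOS {0}.{1}"),
    (r"Mac OS X (\d+)[_.](\d+)", "macOS {0}.{1}"),
    (r"Linux", "Linux"),
]


def parse_request(raw: str) -> tuple[str, str, dict[str, str]]:
    """Split a raw HTTP/1.1 request into (method, path, lowercase-keyed headers)."""
    head, _, _body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def client_ip(headers: dict[str, str], peer_ip: str) -> str:
    """Prefer the first X-Forwarded-For hop (the browser) when the logger sits
    behind a proxy, otherwise the TCP peer. Each candidate is validated as an
    IP address so a forged header cannot smuggle arbitrary text into the log."""
    first_hop = headers.get("x-forwarded-for", "").split(",")[0].strip()
    for candidate in (first_hop, peer_ip):
        try:
            return str(ip_address(candidate))
        except ValueError:
            continue
    raise ValueError("no usable client address")


def os_from_user_agent(ua: str) -> str:
    """Map a User-Agent string to a coarse OS label using OS_PATTERNS."""
    for pattern, label in OS_PATTERNS:
        m = re.search(pattern, ua)
        if m:
            return label.format(*m.groups())
    return "unknown"


def capture(raw: str, peer_ip: str) -> dict[str, str]:
    """Everything a single <img> fetch hands to whoever controls the URL:
    the client's address, its OS, and (via Referer) the page it was viewing."""
    _method, path, headers = parse_request(raw)
    return {
        "ip": client_ip(headers, peer_ip),
        "os": os_from_user_agent(headers.get("user-agent", "")),
        "referer": headers.get("referer", ""),
        "path": path,
    }


if __name__ == "__main__":
    print(capture(SAMPLE_REQUEST, "198.51.100.9"))
```

The Referer is worth noting in the usage: it tells the attacker which workspace and chat the victim had open, so the leak is not just "someone loaded my image" but "this specific team member loaded it from this page". Browsers that send only the origin (the default Referrer-Policy of strict-origin-when-cross-origin) still disclose the workspace host.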


MindSet:


Impact:

Black-hat attackers can obtain sensitive information about every user in the target team. The information obtained is highly privacy-relevant and includes the IP address, OS version, city, and more.
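How the server side should have handled file_url, as an added example that is not the platform's code and does not reflect how the vendor actually fixed the bug. The upload origin, the upload records and the attacker's logger hostname are assumptions made for the example. The vulnerable pattern is reproduced next to the fixed one only for contrast.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical origin the platform's own uploads live on (assumption for the
# example; the write-up does not name the real storage host).
UPLOAD_ORIGIN = "https://uploads.workspace.example"
ALLOWED_HOSTS = {"uploads.workspace.example"}

# Server-side upload records keyed by an opaque id the server issued at upload
# time. Constructed sample data.
UPLOADS = {
    "upl_7f2a": {"owner": "alice", "object_key": "team42/alice/photo.jpg"},
}


def attach_file_vulnerable(payload: dict) -> str:
    """The behaviour the write-up describes: the request body's file_url is
    stored verbatim and later rendered as <img src=...> for every teammate."""
    return payload["file_url"]


def build_file_url(object_key: str) -> str:
    """The only place a file URL is ever minted: from a server-known object key."""
    return f"{UPLOAD_ORIGIN}/{object_key}"


def attach_file(sender: str, upload_id: str, _client_file_url: Optional[str] = None) -> str:
    """Fixed version. The client-supplied file_url is ignored entirely; the
    server looks the upload up by id, checks the sender owns it, and derives
    the URL itself, so there is nothing for the client to tamper with."""
    record = UPLOADS.get(upload_id)
    if record is None or record["owner"] != sender:
        raise PermissionError("unknown upload or not owned by sender")
    return build_file_url(record["object_key"])


def is_trusted_file_url(url: str) -> bool:
    """Defence in depth for values already stored before the fix: render only
    https URLs on the platform's own storage host, rejecting the usual
    lookalikes (userinfo tricks, subdomain suffixes, odd ports, scheme-relative)."""
    try:
        parts = urlsplit(url)
        return (
            parts.scheme == "https"
            and parts.hostname in ALLOWED_HOSTS
            and parts.username is None
            and parts.password is None
            and parts.port in (None, 443)
        )
    except ValueError:  # e.g. a malformed port
        return False


if __name__ == "__main__":
    tampered = {"file_url": "https://logger.attacker.example/pixel/3f9c.jpg"}
    print("vulnerable renders:", attach_file_vulnerable(tampered))
    print("fixed renders:     ", attach_file("alice", "upl_7f2a", tampered["file_url"]))
    print("legacy value ok?   ", is_trusted_file_url(tampered["file_url"]))
```

Pairing the server-side fix with a Content-Security-Policy of the form `img-src 'self' https://uploads.workspace.example` on the chat page closes the remaining gap: even a URL that slipped into the database before the fix will not be fetched by the browser, so no request ever reaches an external logger.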


Source: https://infosecwriteups.com/how-i-got-500-from-information-disclosure-by-sending-a-jpeg-e273d1b94da1?source=rss----7b722bfd1b8d---4