How I Got $500 From Information Disclosure By Sending a JPEG
The article describes a vulnerability in a team collaboration platform: during testing, the file_url parameter of the file upload feature was found to be tamperable so that it points at an external server, allowing an attacker to obtain key information about target users (such as IP address, OS version and city), a serious threat to user privacy. 2025-9-6 05:52:51 Author: infosecwriteups.com

Target Overview

The target platform provides a team workspace where members can collaborate by creating and managing tasks. In addition, the platform offers a built-in team chat feature that allows users to communicate directly within the workspace.


The Discovery

During my testing I focused on the chat functionality, specifically the file upload feature, since it allows users to share images and documents with other team members.

While uploading an image I noticed that the request included a parameter called file_url. This parameter pointed to the location of the uploaded image. Naturally I wondered: what if I change this value to an external domain under my control?


Original Request

I first tried replacing the URL with one of my own collaboration servers, but it didn’t receive any requests. To confirm the bug I then used an IP logger, which successfully captured the request.


Request After Change

I also checked the server response to confirm whether the request returned a 200 OK or a 400 Bad Request.


After forwarding the request, the result was that the image showed an error when the chat was opened.

Then I switched to the victim account, opened the chat and went back to the IP logger. Then BOOM.


I clicked on “More Info” to see more details about the victim.


MindSet:


Impact:

Black hat hackers can get critical information about all the target users in the team. The information obtained is very important for the privacy of the users and includes the IP address, OS version, city …
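One way to close this hole on the server side, as an added example that is not the platform's or the author's code (STORAGE_HOST, the /files/ URL layout and the AUDIT_LOG list are assumptions): the handler that trusts the client's file_url beside a hardened one that derives the URL from the upload id the server already knows, plus an allowlist check for cases where a URL really has to be accepted.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical host the platform serves uploads from (assumed, not from the writeup).
STORAGE_HOST = "uploads.example-workspace.internal"
ALLOWED_HOSTS = {STORAGE_HOST}
AUDIT_LOG: list[str] = []  # stand-in for the platform's real audit logging


@dataclass
class ChatMessage:
    upload_id: str
    file_url: str


def attach_image_vulnerable(upload_id: str, client_file_url: str) -> ChatMessage:
    """Before: stores whatever file_url the client sent. Every team member who
    opens the chat then fetches that URL, so an external host learns their IP,
    user agent and whatever else the request carries."""
    return ChatMessage(upload_id, client_file_url)


def is_allowed_file_url(url: str) -> bool:
    """Allowlist check for the case where a URL must be accepted at all:
    https only, host exactly on the storage allowlist, default port only.
    urlsplit().hostname drops userinfo, so 'storage-host@attacker' fails."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        port = parts.port  # raises ValueError for out-of-range ports
    except ValueError:
        return False
    return parts.scheme.lower() == "https" and host in ALLOWED_HOSTS and port in (None, 443)


def attach_image_hardened(upload_id: str, client_file_url: str) -> ChatMessage:
    """After: the rendered URL is derived from the upload id the server already
    knows; the client's file_url is compared, never stored. A mismatch is worth
    logging, since a legitimate client never sends anything else."""
    canonical = f"https://{STORAGE_HOST}/files/{upload_id}"
    if client_file_url != canonical:
        AUDIT_LOG.append(f"file_url tampered upload={upload_id} sent={client_file_url}")
    return ChatMessage(upload_id, canonical)
```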


Source: https://infosecwriteups.com/how-i-got-500-from-information-disclosure-by-sending-a-jpeg-e273d1b94da1?source=rss----7b722bfd1b8d--bug_bounty