HackerOne: GIF flooding

ID H1:400
Type hackerone
Reporter dutchgraa
Modified 2013-11-30T12:44:26


Current limits

Image size: 1 MB Image dimensions: 2048x2048px File types: jpg/png/gif

Another image hack

A GIF composed of 40k 1x1 images made Paperclip freeze until timeout.

As attachments I sent the file composed of 40k images, and a screenshot of the timeout.

Possible Fix

Check if: file size / (width * height) != ridiculous amount