63 matches found
Imgur: XSS via React element spoofing
Hello, I noticed an XSS on imgur. Proof of concept: visit the URL http://imgur.com/vidgif/ticket/aaaaaaaa?errorpropsdangerouslySetInnerHTMLhtml=%3Cimg%20src=a%20onerror=%22alert%27XSS%20on%20%27%2bdocument.domain%22%3E&errorisReactElement=true&errortype=body It's not the simplest case as it...
Imgur: Local file read in image editor
Filepaths were able to traverse up outside of their intended directory when using the /edit/process API endpoint. Insufficient imageid filtration in image editor allowed an attacker to read arbitrary files. An attacker could read files by setting file path in imageid GET param in /edit/process AP...
Imgur: SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg
Hello! Short description ======== https://imgur.com/vidgif/upload endpoint is vulnerable to a SSRF/LFE vulnerability which allows an attacker to craft connections originating from imgur servers to any destination on the internet and imgur internal network and disclose lists of files located on...
Imgur: SSRF and local file read in video to gif converter
Video to gif converter on http://imgur.com/vidgif uses Lavf/55.48.100 with network options enabled. It makes possible SSRF by uploading specially crafted playlist. For example we can use mp4 file http://yngwie.ru/1.mp4 EXTM3U EXT-X-MEDIA-SEQUENCE:0 EXTINF:10.0, http://yngwie.ru/2.mp4 EXT-X-ENDLIS...
Imgur: SSRF in https://imgur.com/vidgif/url
Hello, Short description ======== https://imgur.com/vidgif/url endpoint is vulnerable to a SSRF vulnerability which allows an attacker to craft connections originating from imgur servers to any destination on the internet and imgur internal network and craft outgoing UDP-packets / telnet-based...
Imgur: Big Bug in SSL : breach compression attack (CVE-2013-3587) affect imgur.com
Hi imgur Security Team, This is an urgent issue and wish you fix it as soon as possible ... so this web application " imgur.com " " is potentially vulnerable to the BREACH attack. An attacker with the ability to: Inject partial chosen plaintext into a victim's requests Measure the size of encrypt...
Imgur: XSS in imgur mobile 3
Hi i find other XSS Poc http://m.imgur.com/user/%22%3E%3Cimg%20src=x%20onerror=alert1%3E/message thanks ^^...
Imgur: XSS in imgur mobile
hi poc : http://m.imgur.com/user/phoenixrachel%22%3E%3Cimg%20src=x%20onerror=alert1%3E...
Imgur: risk of having secure=false in a crossdomain.xml
api.imgur.com permits SWF files on a non-HTTPS server to load data from this HTTPS server. Setting the secure attribute to false could compromise the security offered by HTTPS. In particular, setting this attribute to false opens secure content to snooping and spoofing attacks. The...
Imgur: Attack User Privacy Settings - X-Frame-Options missing on m.imgur.com/user/username/settings
Hello, I would like to report that almost entire mobile web site is vulnerable to clickjacking attacks, Maybe the most important critical part the /settings node, As an attacker could force a user to change his privacy settings with only two clicks, please see live video demonstration, of course...
Imgur: Login to any user account using other facebook app access token
Vulnerable Url: https://api.imgur.com/generatetoken/thirdpartynativeandroid?type=facebook Vulnerable Param: accesstoken Attck: Hacker can build own facebook app and get victim's facebook access token and use that access token to login into imgur account POC:...
Imgur: Imgur dev environments facing the Internet
A security group configuration error allowed Imgur development environments to face the public internet. Typically these environments were protected behind a special endpoint which would open access to authenticated Imgur employees for a short time window. Since the development environments were...
Imgur: XSS m.imgur.com
Hi find xss vulnerability in your site Poc http://m.imgur.com/gallery/iT5l7%22%3E%3Cimg%20src=x%20onerror=alert1%3E...
Imgur: Persistent XSS in https://p.imgur.com/albumview.gif and http://p.imgur.com/imageview.gif / post statistics
In p.imgur.com/albumview.gif, a post paramater could be set containing html and javascript. This was not escaped properly and the code would be executed. The reporter used the following example URLs as a proof of concept https://p.imgur.com/albumview.gif?a=F78FO&r=https://community.imgur.com/aler...
Imgur: Persistent XSS in image title
When adding a title to uploaded images, one can insert XSS into the title which is then executed for anyone viewing the image. PoC contains a harmless XSS: http://imgur.com/bSZwUBG&rAmpN4O How to recreate: 1. Open the Image Options page for an album. 2. Press "Add Title / Description" 3. Enter so...
Imgur: Csrf near report abuse meme
Hey team i would like to report a real csrf threat which allows attacker to make report abuse to any meme on behalf of the users how i found this bug :- lets visit to any meme example :- 1 http://imgur.com/t/memes/ieTEJEd 2 i clicked on post options 3 i got an option called report i clicked on it...
Imgur: Server Side Request Forgery In Video to GIF Functionality
imgur.com is vulnerable to Server Side Request Forgery because it fails to sanitize or verify the "url" GET parameter. This could be used by attackers to launch attacks against other 3rd party sites or proxy an attackers requests through the affected site to hide the attackers origin. In more...
Imgur: Crossdomain.xml settings on api.imgur.com too open
The crossdomain.xml file hosted at http://api.imgur.com/crossdomain.xml was too open. This allowed SWF files to make HTTP requests and see it's response. If this was not changed, then attacker.com can embed a SWF on attacker.com/example.html that makes an HTTP request to http://api.imgur.com/. Th...
Imgur: Content Sniffing not enabled
The HTTP header X-Content-Type-Options was not set to nosniff. This can cause some browsers to try to determine the content/encoding type of a response, which is an undesired behavior...
Imgur: "Sign me out everywhere" does not work for desktop sessions
An account option that allowed users to sign out everywhere was found to not be functioning properly. A user selecting this option was not signed out. A fix has been rolled out to update session security as a result of this report...