Comment on page

EXIF Geo Data Not Stripped

Summary:

When a user uploads an image in example.com, the uploaded image’s EXIF Geolocation Data does not gets stripped. As a result, anyone can get sensitive information of example.com users like their Geolocation, their Device information like Device Name, Version, Software & Software version used etc.

Steps to reproduce:

  1. 2.
    There are lot of images having resolutions (i.e 1280 * 720 ) , and also whith different MB’s .
  2. 3.
    Go to Upload option on the website
  3. 4.
    Upload the image
  4. 5.
    see the path of uploaded image ( Either by right click on image then copy image address OR right click, inspect the image, the URL will come in the inspect , edit it as html )</br>
  5. 7.
    See wheather is that still showing exif data , if it is then Report it.

Reports (Hackerone)

Author