Tricky & Simple EXIF protection Bypass

Hello Hackers!

It’s been a year and a half since my last write-up, so I thought, let’s share something simple yet interesting. I recently came across an intriguing vulnerability and thought I’d share it with you all. Let’s dive in!

For beginners or those unfamiliar with EXIF vulnerabilities, I recommend reviewing this article first before returning to the current one.

As always, there is a web application. This platform allows users to upload an image as their profile picture. However, I noticed that the image wasn’t being replicated anywhere within the application’s dashboard or services, so I moved on to explore other functionalities such as login and password reset.

During the login process, after entering an email address, the application displayed the user’s profile picture.

I opened the image in a new tab, and the URL appeared as follows:

https://pic.abc.com/eyJ----------------------JWT_token--------------------

When I pasted this URL into jimpl.com to retrieve EXIF data, it did not show any location-specific data.

However, I decided to investigate further.

(Again, if you don’t know about JWT tokens, go through this article.)

I extracted the JWT token from the URL, navigated to JWT.io, and pasted the token there. In the token’s header section, I discovered a different URL.

I copied this new URL and pasted it into Jimpl.com, where I was able to successfully retrieve the EXIF data associated with the image, effectively bypassing the EXIF protection mechanism.

Isn’t it interesting and simple?
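For teams that run an image proxy like this one, the check below is an added example (not code from the original write-up or the affected application) that decodes the JWT in an image URL the way any client can and lists every URL readable in its header or payload. The `src` field name and the `example.test` hostnames are assumptions, and the sample token is constructed.

```python
import base64
import json
from urllib.parse import urlparse

def b64url_json(segment):
    """Decode one base64url JWT segment to JSON (no signature check needed)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def find_urls(value, path=""):
    """Recursively yield (json_path, url) for every string value that is a URL."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from find_urls(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from find_urls(item, f"{path}[{i}]")
    elif isinstance(value, str) and value.startswith(("http://", "https://")):
        yield path, value

def leaked_origins(image_url):
    """Return (part, field, url) for URLs exposed by a JWT used as the URL path."""
    token = urlparse(image_url).path.rsplit("/", 1)[-1]
    parts = token.split(".")
    if len(parts) != 3:
        return []      # not a compact JWS, nothing to inspect
    findings = []
    for name, segment in zip(("header", "payload"), parts[:2]):
        try:
            decoded = b64url_json(segment)
        except ValueError:
            continue   # segment is not readable JSON
        findings += [(name, field, url) for field, url in find_urls(decoded)]
    return findings

def _seg(obj):
    """Build a base64url segment for the constructed sample below."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: the "src" field and both hostnames are hypothetical.
SAMPLE = "https://pic.example.test/" + ".".join([
    _seg({"alg": "HS256", "typ": "JWT", "src": "https://origin.example.test/raw/1.jpg"}),
    _seg({"uid": 42}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    for part, field, url in leaked_origins(SAMPLE):
        print(f"{part}.{field} exposes {url}")
```

JWT header and payload segments are only base64url-encoded, so any finding means the original file location is visible to every client. The fix is to keep that location out of the token or to strip metadata from the stored original as well.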

If you liked it, do follow me on Twitter & LinkedIn.


Tricky & Simple EXIF protection Bypass was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

Original link: https://infosecwriteups.com/tricky-simple-exif-protection-bypass-5d0babd908f3?source=rss----7b722bfd1b8d---4