Content Spoofing
Unknown
Vulnerability Details
Here is an unvalidated insertion of an image, resulting in content spoofing:
https://awayon.slack.com/account/photo?url=http://www.thenewstribe.com/wp-content/uploads/2014/01/Syrian-Electronic-Army-hacked-CNN.jpg
It displays any photo; all the attacker must know is the "awayon", or the team name.
Thank you.
Clifford Trigo
Report Stats
- Report ID: 2979
- State: Closed
- Substate: informative
- Upvotes: 3
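
A server-side check for the kind of `url` parameter the report describes, shown as an added example that is not part of the original report or of Slack's code: the value is used as an image source only when it is an https URL on an exact-match host allowlist. The host names, the fallback path and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the application itself serves avatars from (hypothetical names).
ALLOWED_IMAGE_HOSTS = {"avatars.example-cdn.test", "uploads.example-cdn.test"}


def is_allowed_photo_url(raw_url):
    """Return True only if raw_url is an https URL on an allowlisted host."""
    if not isinstance(raw_url, str) or not raw_url.strip():
        return False
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and by urllib, so reject them outright instead of normalising.
    if "\\" in raw_url or any(ord(c) < 0x21 or ord(c) == 0x7F for c in raw_url):
        return False
    try:
        parts = urlsplit(raw_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # blocks https://allowed-host@other-host/ confusion
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").rstrip(".")
    # Exact match only: suffix or substring checks would let
    # "avatars.example-cdn.test.other.test" through.
    return host in ALLOWED_IMAGE_HOSTS


def photo_src(raw_url, fallback="/img/default-avatar.png"):
    """Value the page template should place in the <img src> attribute."""
    return raw_url if is_allowed_photo_url(raw_url) else fallback
```

The template should still HTML-escape whatever `photo_src` returns before writing it into the attribute.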