Unrestricted File Upload on https://auth.ratelimited.me
Unknown
Vulnerability Details
Hello security team,
I have found a way to upload files that aren't images on https://auth.ratelimited.me/
Steps to reproduce:
1. Login at https://auth.ratelimited.me/
2. Click "change photo" and intercept the request with a tool (I used Burp Suite)
3. Choose "gravatar" option and change the 'url' parameter to anything you would like
4. Done
PS: The same occurs when you intercept the "no photo" option.
PS2: I could not execute code through this, but I thought it was a valid report because I tried to upload .txt files in the "upload photo" option and it was not allowed.
If you need further information, please contact me.
Best Regards,
Daniel
## Impact
Possibility of uploading anything other than images.
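A defensive counterpart to the finding above, added here as an example and not taken from the report or from the ratelimited.me code base: server-side validation of a user-supplied avatar 'url' parameter (HTTPS only, allow-listed avatar hosts) combined with a magic-byte check on whatever is fetched, so a URL that does not point at an image fails on at least one of the two checks. The host list, the accepted formats and the function names are assumptions.

```python
"""Validate a user-supplied avatar 'url' and the bytes fetched from it.
Added example, not code from the report or from ratelimited.me. Assumed
policy: avatars may only come from allow-listed Gravatar hosts over HTTPS,
and the fetched body must start with a real image signature (magic bytes)."""
from typing import Optional
from urllib.parse import urlparse

# Hosts the application is willing to load avatars from (assumed policy).
ALLOWED_AVATAR_HOSTS = {"www.gravatar.com", "secure.gravatar.com"}

# Leading bytes of the image formats the avatar feature accepts (assumed).
IMAGE_MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}

def validate_avatar_url(url: str) -> bool:
    """Accept only https URLs whose host is on the allow list.
    Rejects other schemes, credentials in the authority part (so that
    https://secure.gravatar.com@other.example/ is not mistaken for
    Gravatar) and explicit ports."""
    try:
        parts = urlparse(url)
        host, port = parts.hostname, parts.port  # .port may raise ValueError
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password or port:
        return False
    return host in ALLOWED_AVATAR_HOSTS

def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type if the body starts with a known image signature."""
    for mime, magic in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None

def accept_avatar(url: str, body: bytes) -> bool:
    """Both checks must pass before the avatar URL or content is stored."""
    return validate_avatar_url(url) and sniff_image_type(body) is not None

if __name__ == "__main__":
    # Constructed sample inputs: a Gravatar URL with a JPEG body passes;
    # the same URL with a plain-text body (the report's case) does not.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 12
    print(accept_avatar("https://www.gravatar.com/avatar/0123abcd", jpeg))   # True
    print(accept_avatar("https://www.gravatar.com/avatar/0123abcd", b"hi"))  # False
```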
Report Stats
- Report ID: 463604
- State: Closed
- Substate: resolved
- Upvotes: 21