ENXF NET
Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
- Joined
- Nov 13, 2018
- Messages
- 26,865
- Points
- 823
Steps to reproduce
The generated
Suggested Mitigation
Make the hashes automatically expire after a configurable expire time
Continue reading...
- Configure a proxy secret
- Start a new post
- Insert an external image
- Click preview
- Copy the generated image URL
The generated
proxy.php URL can now be used externally forever until the secret is changed without the image ever being displayed anywhere publically in XenForoSuggested Mitigation
Make the hashes automatically expire after a configurable expire time
Continue reading...