We steal the IP addresses of those who came to our snippet.
HackerOne report #457659 by iframe on 2018-12-06:
Hello, I found a vulnerability that allows stealing the IP addresses of those who came to our snippet, using a malicious image upload.
- Create snippet
- Insert the edit
![test](https://filecat.ru/xss/)
- Save
A ping will come to my server:
[https://gitlab.com/] New view from <REDACTED IP> at Friday 7th of December 2018 00:14:37
Impact
We steal the IP addresses of those who came to our snippet.
Security Issue
Edited by Jeremy Matos
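One way to close the leak described in the report, as an added example that is not part of the original report and not GitLab's code: before rendering, rewrite external Markdown image URLs to a signed image-proxy URL so the viewer's browser never contacts the third-party host. The proxy base, key, local host name, URL format and sample Markdown are all assumptions constructed for illustration.

```ruby
require 'openssl'
require 'uri'

# Assumed values for illustration (not from the report or from GitLab).
PROXY_BASE  = 'https://assets.example.invalid'
PROXY_KEY   = 'constructed-demo-key'
LOCAL_HOSTS = ['gitlab.example.invalid'].freeze

# Inline Markdown image: ![alt](url) or ![alt](url "title").
# Reference-style images and raw <img> tags need separate handling.
IMAGE_RE = /!\[([^\]]*)\]\(\s*([^)\s]+)([^)]*)\)/

# True when the browser would fetch the image from a host we do not control.
def external_image?(url)
  uri = URI.parse(url)
  return false if uri.host.nil?           # relative path, served by our own host
  !LOCAL_HOSTS.include?(uri.host.downcase)
rescue URI::InvalidURIError
  true                                    # unparseable: treat as untrusted
end

# Hypothetical proxy URL format: /<HMAC of URL>/<hex-encoded URL>.
# The HMAC stops third parties from using the proxy as an open relay.
def proxied_url(url)
  digest = OpenSSL::HMAC.hexdigest('SHA256', PROXY_KEY, url)
  "#{PROXY_BASE}/#{digest}/#{url.unpack1('H*')}"
end

# Returns [rewritten_markdown, list_of_external_urls_found].
def rewrite_images(markdown)
  external = []
  rewritten = markdown.gsub(IMAGE_RE) do
    alt, url, rest = $1, $2, $3
    next $& unless external_image?(url)   # keep local images untouched
    external << url
    "![#{alt}](#{proxied_url(url)}#{rest})"
  end
  [rewritten, external]
end

if __FILE__ == $0
  # Constructed sample snippet body.
  sample = "![test](https://tracker.example.invalid/pixel) ![logo](/uploads/logo.png)"
  out, found = rewrite_images(sample)
  puts out
  puts "external images: #{found.inspect}"
end
```

The returned list of external URLs can also be logged or flagged for review, and a restrictive `img-src` Content-Security-Policy on the rendering page backs up the rewrite for any image syntax the pattern misses.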