New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in /submit endpoint #42

Open

22raor opened this issue Nov 20, 2024 · 0 comments

Assignees

Contributor

22raor commented Nov 20, 2024

/submit allows you to arbitrarily upload any file to the S3 storage, as long as you have ANY valid authorization token.

Steps to recreate:

Submit an application
Find your bearer token from the POST request
Run the following request
curl -X POST \ -F "resume=@<FILENAME>" \ -F "userId=<USERID>" \ -H 'authorization: Bearer <TOKEN>' \ http://localhost:5000/api/applications/submit

Note that any user id is accepted, and any file path can be written to. File type/size is also not checked.

The text was updated successfully, but these errors were encountered:

22raor assigned rpeddakama

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment