Bug Image proxy can be abused too easily

Thread starter Kirby
Start date May 15, 2024

There is a bug in this version

Kirby

Guest

May 15, 2024

Steps to reproduce

Configure a proxy secret
Start a new post
Insert an external image
Click preview
Copy the generated image URL

Result
The generated proxy.php URL can now be used externally forever until the secret is changed without the image ever being displayed anywhere publically in XenForo

Suggested Mitigation
Make the hashes automatically expire after a configurable expire time

Continue reading...

You must log in or register to reply here.

Similar threads

Solved Image Proxy: Some (valid) webp images throw "invalid type" error

Replies: 0

Views: 53

XenForo General Discussions Jul 6, 2024

Cyberkef

Bug Image proxy always returns status code 200

Replies: 0

Views: 71

XenForo General Discussions May 17, 2024

Kirby

XenForo Image proxy not proxying images from certain domains

Replies: 0

Views: 81

XenForo Development & Modifications Apr 27, 2024

Fullmental

Bug Image Proxy Service caches local URLs

Replies: 0

Views: 136

XenForo General Discussions Dec 28, 2023

Kirby

XenForo Image Proxy + Curl + User Agent

Replies: 0

Views: 297

XenForo Development & Modifications Jun 14, 2023

akok

Facebook X (Twitter) Reddit Pinterest WhatsApp Email Link

Top Bottom

Back

Welcome To The Geeks-Board!
For full use of the forum, you need to register. The registration will take only 1 minute and after that, you can enter and read topics. So don't hesitate and register now!
Log in Register
🔥 Hardware & Software Products
🔥 Android Devices Support
🔥 Web Development

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Search

Search

Bug Image proxy can be abused too easily

Kirby

Guest

Similar threads