Read for free here: https://nexguardians.com/p4-bugs-and-their-poc-steps-part-8/
This is part 8 of the P4 bugs series. If you haven't checked the previous parts, check them out: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7.
Hi everyone, I am socalledhacker. I am a security researcher, penetration tester, certified ethical hacker and a web3 noob. In the past months I have discovered lots of bugs, but in today's article we are going to discuss low-hanging fruit, or P4 vulns, as they are very easy to find and are present in almost every website. So let's start with our first vulnerability.
This bug is considered P4, but depending on the impact it can sometimes be considered a P3 vulnerability.
Let's dive into its details: what this bug is and how to find it.
Almost every website has an image upload feature, whether for a profile picture or some other kind of upload. If the website/web server does not strip the EXIF metadata from an image uploaded by a user, that is a bug (P4). There are two different conditions here: if the image is visible to more than one person, it's a P4 called Exif Geolocation Manual Enumeration. While if the image is visible publicly, like an Instagram profile picture that is visible to everyone…