Y
Hacker News
new
|
ask
|
show
|
jobs
by
tastroder
701 days ago
Not sure what the e-mail confirmation flow does but your upload leaks the fileId that can be used to construct the target URI without it.
2 comments
rainonmoon
701 days ago
There are documents in here with PII. Be very careful OP, you're exposing a lot.
link
llamapecks
701 days ago
Can you let me know where you were able to gain access? Just trying to learn - thanks
link
jve
701 days ago
How is SQL Injection still a thing for new projects in 2024?
link
llamapecks
701 days ago
Will only show for verified docs now thanks
link