by jerkingerkin 4849 days ago
You clearly were not ready for production. Please take your SaaS product offline and fix it.

1) A recursion vulnerability exists within your app - if I use your PHP sample code to take a screenshot of itself, your service blows up.

2) You embed a fully usable API key and token in your landing page. Lines 254 and 255:

    var urlPart = "apikey=6101EE5C99B145ECB79B4125BED74D19&url=" + $('#tryurl').val() + "&thumbnail_width=550&crop_height=440&width=1280&height=1024";
    var token = calcMD5(urlPart + "9A8E44104F064A5B9AD410F0F2DC9558");

You might want to fix that.

1 comments

You're right, I've added both to our bug list. Thanks for pointing that out!
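
Added example, not part of the thread and not the service's own code: one way to address point 2 is to compute the token on the server, so the signing secret never appears in page source and the browser only ever receives a token for one fixed set of render options. The function name, the key and secret arguments, and the URL-encoding of the target are assumptions; the token construction mirrors the `calcMD5(urlPart + secret)` line quoted in the comment.

```javascript
const crypto = require('node:crypto');

// Render options fixed on the server, copied from the snippet quoted in the
// comment; the browser cannot change them because they are part of the signed string.
const DEMO_OPTIONS = 'thumbnail_width=550&crop_height=440&width=1280&height=1024';

// Hypothetical helper: builds the signed query for one demo screenshot request.
// apiKey and secret are read from server configuration by the caller and are
// never written into HTML or JavaScript that is served to visitors.
function signDemoRequest(targetUrl, apiKey, secret) {
  let parsed;
  try {
    parsed = new URL(targetUrl);
  } catch {
    throw new Error('invalid URL');
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    throw new Error('only http(s) targets are allowed');
  }
  // Encode the target so an "&" inside it cannot add or override parameters
  // (assumption: the service verifies the token over the string it receives).
  const urlPart = 'apikey=' + apiKey +
    '&url=' + encodeURIComponent(parsed.href) +
    '&' + DEMO_OPTIONS;
  // Same construction as the page's calcMD5(urlPart + secret), done server-side.
  const token = crypto.createHash('md5').update(urlPart + secret).digest('hex');
  // Only the signed query and its token leave the server; the secret does not.
  return { urlPart, token };
}
```

A token issued this way is valid only for the exact query string it was computed over, so a visitor cannot reuse it for other URLs or sizes the way they could with the secret itself.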