{"id":21506,"date":"2025-10-14T13:02:06","date_gmt":"2025-10-14T13:02:06","guid":{"rendered":"http:\/\/localhost\/?p=21506"},"modified":"2025-10-14T13:02:06","modified_gmt":"2025-10-14T13:02:06","slug":"packet-storm-exif-data-disclosure","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=21506","title":{"rendered":"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462"},"content":{"rendered":"

{“lastseen”:”2025-10-14T17:19:48″,”description”:”A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm EXIF Data Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:210462″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”Vulnerability Description :-\\n \\n When a user uploads an image in https:\/\/packetstorm.news, the uploaded\\n image\u2019s EXIF Geolocation Data does not get stripped. As a result, anyone\\n can get sensitive information from https:\/\/packetstorm.news users like\\n their Geolocation, their Device information like Device Name, Version,\\n Software \\u0026 Software version used etc.\\n \\n Steps to Reproduce :-\\n \\n 1. Navigate to this url :- https:\/\/packetstorm.news\/\\n 2. Login with Valid credentials\\n 4. Upload an image [ you can download metadata contained image from here\\n :- [ https:\/\/github.com\/ianare\/exif-samples\/tree\/master\/jpg ]\\n 5. After uploading , Right click on the image and open in a new tab\\n 6. Copy the url of that image or Download the image\\n 7. Navigate to this website :- https:\/\/exif.tools\\n 8. Paste that link or upload the downloaded image there and check EXIF\\n Geolocation\\n Data Not Stripped From Uploaded Image\\n 9. Please refer the proof of concept attached below for better understanding\\n \\n Reference :- https:\/\/hackerone.com\/reports\/446238\\n \\n \\n Impact :-\\n \\n This vulnerability is CRITICAL and impacts all the https:\/\/packetstorm.news\\n customer base. This vulnerability violates the privacy of a User and shares\\n sensitive information of the user who uploads an image on\\n https:\/\/packetstorm.news .\\n \\n \\n \\n — \\n Packet Storm note:\\n \\n 2025\/10\/13: \\n \\n A bad code push stripped a strip and exif data remained in some uploaded images. Our analysis shows only 0.004% of pics were affected and they have all been stripped to ensure no further exposure. This included pictures for 3 users (a packet storm admin one of them, the researcher the other, and a third pic that was not an accessible pic but rather a stored image on the backend that had been converted), along with an advertisement test image. We took the site offline during this process to mitigate further disclosure in case the issue was bigger. The primary vector of attack was addressed, tested, and pushed live. We would like to extend our thanks to Vaibhav Jain for reporting the issue.”,”sourceHref”:”https:\/\/packetstorm.news\/download\/210462″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/210462\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-10-14T17:19:48″,”description”:”A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm EXIF Data Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:210462″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”Vulnerability Description :-\\n…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-21506","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=21506\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-10-14T17:19:48″,”description”:”A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm EXIF Data Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:210462″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”Vulnerability Description :-n...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=21506\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-14T13:02:06+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21506#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21506\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462\",\"datePublished\":\"2025-10-14T13:02:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21506\"},\"wordCount\":479,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=21506#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21506\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21506\",\"name\":\"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-10-14T13:02:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21506#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=21506\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21506#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=21506","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462 - zero redgem","og_description":"{“lastseen”:”2025-10-14T17:19:48″,”description”:”A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm EXIF Data Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:210462″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”Vulnerability Description :-n...","og_url":"https:\/\/zero.redgem.net\/?p=21506","og_site_name":"zero redgem","article_published_time":"2025-10-14T13:02:06+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=21506#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=21506"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462","datePublished":"2025-10-14T13:02:06+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=21506"},"wordCount":479,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=21506#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=21506","url":"https:\/\/zero.redgem.net\/?p=21506","name":"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-10-14T13:02:06+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=21506#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=21506"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=21506#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Packet Storm EXIF Data Disclosure_PACKETSTORM:210462"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/21506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21506"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/21506\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}