Hi, found a bug the message system, the place were you guys can had a image, supposelly, you can only had png, jpg, but well, i bypassed that with somefile.php.jpg
meaning the file can be used has an injection for php shells, in other website's.
example url: http://s3.amazonaws.com/satisfaction-...
Best regards
a href="http://" rel="nofollow""[img]http://[/img]" alt="" /a
a href="http://" rel="nofollow""[img]http://[/img]" alt="" /a
a rel="nofollow"
/a
a href="alert(1);" rel="nofollow"fdsfsfds
/a
a href="" rel="nofollow" oho
"
/a
Where are you trying to upload an image? In Tiggr or in GetSatisfaction.com?
the image does not appear, but its upload to your could server in amazon
http://s3.amazonaws.com/satisfaction-...
Just link the image via a free image hosting service. I'd contact getsatisfaction.com why the upload is not working. There is not much we can do.
