A Flask-based image gallery application contains multiple vulnerabilities. A stored XSS in the bug report feature allows stealing admin cookies. The admin panel has a directory traversal vulnerability enabling source code and database access. The application uses MD5 password hashing and stores credentials in a JSON file. A
37m read time • From 0xdf.gitlab.io