Stop printing your personal photos via online websites
▻https://hackernoon.com/stop-printing-your-personal-photos-via-online-websites-155a9b925179?sour
Security Vulnerability in InkmonkThere are plenty of online shops which offer to print your photos, visiting cards and t-shirts. But do they protect the photos or personal information you share with them? We will find out.We discovered a #security vulnerability in Inkmonk.com (India’s first print marketplace) which leaks all the photos you have uploaded, via a simple API:Vulnerable APIThe ids used in the above #api is serially iterable and the response looks like this:API responseAnd if you click on one of the URLs in the above response, you will see the pictures uploaded by the users of the website. They do not require any kind of #authentication at all. Some examples below:This security bug was reported to the InkMonk on 19th November, 2017. They acknowledged the existence of the issue and (...)