Prevent potential server file leak
1nc1n3r470r opened this issue · comments
I havent tested this yet
the file https://github.com/robbraxman/braxme/blob/3c814ebf7fec0a3ad972251f667bac6ceb511c97/prod/wrapphoto.php allows anyone to download a remote file, however if you start with ?u=http/../ you can download a local server file
file deleted