Closed SaschaMester closed 9 years ago
Let an uploaded file be available under mediacru.sh/ABCDEF ( fictive link to have an example - file won't exist ).
Anyone who knows this link will be able to delete the file by calling mediacru.sh/api/ABCDEF/delete
This will be pretty interesting for attackers.
That's not how it works.
Let an uploaded file be available under mediacru.sh/ABCDEF ( fictive link to have an example - file won't exist ).
Anyone who knows this link will be able to delete the file by calling mediacru.sh/api/ABCDEF/delete
This will be pretty interesting for attackers.