Exif meta data worth $XXXX

What is EXIF metadata?

A photo's EXIF data contains a ton of information about your camera, and potentially where the picture was taken (GPS coordinates). That means, if you're sharing images, there are a lot of details others can glean from them.

EXIF stands for Exchangeable Image File Format. Every time you take a picture with your digital camera or phone, a file (typically a JPEG) is written to your device's storage. In addition to all the bits dedicated to the actual picture, it records a considerable amount of supplemental metadata as well. This can include date, time, camera settings, and possibly copyright information. Finally, if you use a camera phone or digital camera with GPS capabilities, it can record EXIF geolocation metadata.

Case Study

As this was a private program, all illustrations of vulnerabilities will be represented with the host as example.com. This application is a 3-year-old program, so any low-hanging fruit will be a duplicate (P4); that is what I assumed, but let me try.

POC

Since there are 5 to 6 things which you can create (game characters), all of them have this option to upload an image of 1000 * 1000 pixels. Once you upload these images and click on save, the characters are made public with no EXIF metadata.

Since I had already found EXIF metadata not removed from the profile pic image (which went duplicate), I started comparing the URLs and figured out the following:

https://example.com/image/thumbnails/16168/294/1000/1000/abcd.jpeg (URL of image with no EXIF data)

https://example.com/image/16168/294/abcd.jpeg (URL of profile pic with EXIF metadata)

If I remove /thumbnails/ and /1000/1000/, I will be able to get the URL of the image that was originally uploaded (with EXIF metadata).


So I reported 5 EXIF reports; all were accepted, ending up with a total of $XXXX.
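
A mitigation for the issue described above, as an added example that is not part of the original post: strip the EXIF segment from the upload before it is stored, so the original file and every thumbnail derived from it are equally clean. The function names and the sample bytes are assumptions made for this illustration.

```python
import struct

STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RSTn markers carry no length field

def strip_exif(jpeg: bytes) -> bytes:
    """Return the JPEG bytes with every APP1 "Exif" segment removed."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out = bytearray(jpeg[:2])
    pos = 2
    while pos < len(jpeg):
        if pos + 2 > len(jpeg) or jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:  # fill byte in front of a marker: keep it, move on
            out.append(0xFF)
            pos += 1
        elif marker in STANDALONE:
            out += jpeg[pos:pos + 2]
            pos += 2
        elif marker in (0xD9, 0xDA):  # EOI, or SOS: the rest is compressed image data
            out += jpeg[pos:]
            break
        else:
            if pos + 4 > len(jpeg):
                raise ValueError("truncated segment header")
            (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
            end = pos + 2 + length
            if length < 2 or end > len(jpeg):
                raise ValueError("malformed segment length")
            segment = jpeg[pos:end]
            # APP1 (0xE1) starting with "Exif\0\0" is the EXIF block (camera, time, GPS).
            # Other APP1 payloads such as XMP are kept by this example.
            if not (marker == 0xE1 and segment[4:10] == b"Exif\x00\x00"):
                out += segment
            pos = end
    return bytes(out)

def has_exif(jpeg: bytes) -> bool:
    """True if stripping would change the file, i.e. an EXIF segment is present."""
    return strip_exif(jpeg) != jpeg

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: valid segment structure, not a decodable picture.
SAMPLE = (b"\xff\xd8"
          + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00II*\x00" + b"constructed GPS tags")
          + _seg(0xDA, b"\x00") + b"\x12\x34\xff\xd9")
```

Running `has_exif` over every stored path, originals as well as thumbnails, is a quick regression check that no copy of an upload is served with its metadata intact.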
