I am currently working on a website and when trying to read metadata using an Firefox browser add-on it successfully retrieves all the metadata present. I want to know that is it a security threat to be reported?
@Rootsec if you are getting geographical coordinates off images on or uploaded to the website then you have something to report.
What if i am getting software used, etc data other than geo coordinates?
@Rootsec Can you show me an example of the data you have collected?
I am getting these while analyzing a image:
IPTC
Coded Character Set = 27, 37, 71, 32, 47, 32, 27, 37, 71, 32, 47, 32, 27, 37, 71, 32, 47, 32, 27, 37, 71, 32, 47, 32, 27, 37, 71, 32, 47, 32, 27, 37, 71
Record Version = 116
IPTC Core (Adobe XMP)
Expand All / Collapse All / Show/Hide XMP Source / Show/Hide XMP Legend
xpacket = begin="" id="W5M0MpCehiHzreSzNTczkc9d"
x:xmpmeta
xpacket = end="w"
EXIF IFD0
Picture Orientation {0x0112} = normal (1)
X-Resolution {0x011A} = 720000/10000 ===> 72
Y-Resolution {0x011B} = 720000/10000 ===> 72
X/Y-Resolution Unit {0x0128} = inch (2)
Software / Firmware Version {0x0131} = Adobe Photoshop CS6 (Windows)
Last Modified Date/Time {0x0132} = 2016:05:19 13:45:08
EXIF Sub IFD
Colour Space {0xA001} = sRGB (1)
Image Width {0xA002} = 1920 pixels
Image Height {0xA003} = 980 pixels
EXIF IFD1
Compression {0x0103} = JPEG compression (6)
X-Resolution {0x011A} = 72/1 ===> 72
Y-Resolution {0x011B} = 72/1 ===> 72
X/Y-Resolution Unit {0x0128} = inch (2)
Embedded thumbnail image:@Rootsec I would find a picture on the web that you know exposes geographical location then upload it and then check it once it is uploaded for the geographical location info again.
If we find a image that exposes Geo coordinates then why do we need to upload it?
In my opinion yes. I would sugest to reporting it.