Open
Description
/submit allows you to arbitrarily upload any file to the S3 storage, as long as you have ANY valid authorization token.
Steps to recreate:
- Submit an application
- Find your bearer token from the POST request
- Run the following request
curl -X POST \ -F "resume=@<FILENAME>" \ -F "userId=<USERID>" \ -H 'authorization: Bearer <TOKEN>' \ http://localhost:5000/api/applications/submit
Note that any user id is accepted, and any file path can be written to. File type/size is also not checked.
Metadata
Metadata
Assignees
Labels
No labels