Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
buherator (buherator@infosec.place)'s status on Monday, 11-Nov-2024 01:25:46 JST buherator
- K. Reid Wightman :verified: 🌻
- cR0w :cascadia:
#directoryTraversalMemes seem to become a classic, but I wonder if anyone has a list of specific payloads that trigger the different vulnerabilities of recent memory?

/cc @reverseics @cR0w

In conversation about 4 months ago from infosec.place permalink
- Embed this notice
  buherator (buherator@infosec.place)'s status on Monday, 11-Nov-2024 02:05:31 JST buherator
  @GossiTheDog @reverseics @cR0w Great you chime in! Any plans to release that x-user Recall exploit you talked about?
  
  https://infosec.place/notice/AieinAN5CpyKNShdvE
  In conversation about 4 months ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: media.infosec.place
    
    buherator (@buherator@infosec.place)
    
    @wdormann @screaminggoat @tiraniddo @arstechnica I'm happy to give @GossiTheDog the benefit of doubt here, but posts like the one referenced below *really* don't help getting a clean view of th...
- Embed this notice
  buherator (buherator@infosec.place)'s status on Monday, 11-Nov-2024 02:28:47 JST buherator
  @GossiTheDog @reverseics @cR0w But could *non-admin* users access the DB of *other* users? SQLite or not, this should not be possible (in general...). If it was possible back then (as it was suggested by you and articles based on your comments), then now would be the best time for all to see what the problem was to check if the same or similar problem is present in the implementation that is to be released.
  
  In conversation about 4 months ago permalink

Public

Conversation

Notices

Feeds