GNU social JP
  1. Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 25-Jun-2024 22:56:43 JST

    This GrimResource issue is.. Grim. Here's the PoC listed above, it's just easy code execution as the HTML code executes as the local computer context. I expect this one to explode in crimeware groups as it is so easy to exploit. Microsoft need to fix it.

    I can see clear historic misuse on VirusTotal - also red team firms using .msc files via MMC to, for example, get SMB hashes via WebDAV as it appears MMC just yolo contacts anything and auto logs in.


    Attachments


    1. https://cyberplace.social/system/media_attachments/files/112/677/568/138/470/832/original/cbfe22ed50af4ece.png

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.