all InfoSec news
How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)
Jan. 15, 2023, 3:04 a.m. | Jayateertha Guruprasad
InfoSec Write-ups - Medium infosecwriteups.com
Few days ago, while I was exploring browser based bugs, I read a article over internet explaining about a path traversal vulnerability in Safari browser using Save Page As Feature.
The file name was generated from content of <title></title> tag.
If title tag contained ../ characters, The file could be saved in a directory other than desired or default Downloads directory. (If anyone finds the article, feel free to mention the article link in comments)
I wanted to recheck for …
browser browsers bug bounty code code execution cve cybersecurity hacking infosec
More from infosecwriteups.com / InfoSec Write-ups - Medium
NTFS Filesystem: Alternate Data Stream (ADS)
2 days, 16 hours ago |
infosecwriteups.com
How I Hack Web Applications (Part 1)
2 days, 16 hours ago |
infosecwriteups.com
If You Want To Be A CISO Then Read This First …
2 days, 16 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Security Officer Level 1 (L1)
@ NTT DATA | Virginia, United States of America
Alternance - Analyste VOC - Cybersécurité - Île-De-France
@ Sopra Steria | Courbevoie, France
Senior Security Researcher, SIEM
@ Huntress | Remote US or Remote CAN
Cyber Security Engineer Lead
@ ASSYSTEM | Bridgwater, United Kingdom