all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)

Add to bookmarks
Jan. 15, 2023, 3:04 a.m. | Jayateertha Guruprasad

InfoSec Write-ups - Medium infosecwriteups.com

Few days ago, while I was exploring browser based bugs, I read a article over internet explaining about a path traversal vulnerability in Safari browser using Save Page As Feature.
The file name was generated from content of <title></title> tag.
If title tag contained ../ characters, The file could be saved in a directory other than desired or default Downloads directory. (If anyone finds the article, feel free to mention the article link in comments)

I wanted to recheck for …

browser browsers bug bounty code code execution cve cybersecurity hacking infosec

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Tutorial on x86 Architecture: From Basics to Cybersecurity Links 2 days, 16 hours ago | infosecwriteups.com
architecture basics components continue +14
NTFS Filesystem: Alternate Data Stream (ADS) 2 days, 16 hours ago | infosecwriteups.com
filesystem forensics ntfs security +1
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus 2 days, 16 hours ago | infosecwriteups.com
hacker hacking hacking tools linux +1
Breaking Safeguards: Unveil “Many-Shot Jailbreaking” a Method to Bypass All LLM Safety Measures 2 days, 16 hours ago | infosecwriteups.com
artificial intelligence breaking bypass chatgpt +15
XSS Unpacked: What It Is, How It Works, and How to Stop It 2 days, 16 hours ago | infosecwriteups.com
cybersecurity script-injection secure coding web security +1
How I Hack Web Applications (Part 1) 2 days, 16 hours ago | infosecwriteups.com
application security bug bounty ethical hacking infosec +1
Storm Breaker: Unveiling the Power of the Social Engineering Tool 2 days, 16 hours ago | infosecwriteups.com
capabilities continue cybersecurity engineering +12
CVE-2024–3400: A Critical Vulnerability in PAN-OS Firewalls 2 days, 16 hours ago | infosecwriteups.com
bug bounty command command injection critical +13
If You Want To Be A CISO Then Read This First … 2 days, 16 hours ago | infosecwriteups.com
career advice careers ciso cybersecurity +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Officer Level 1 (L1)

@ NTT DATA | Virginia, United States of America
View on infosec-jobs.com

Alternance - Analyste VOC - Cybersécurité - Île-De-France

@ Sopra Steria | Courbevoie, France
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote US or Remote CAN
View on infosec-jobs.com

Cyber Security Engineer Lead

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com
View more jobs