solidsnail

joined 1 year ago
sorted by: new top controversial old
npm search RCE? - Escape Sequence Injection in c/cybersecurity@infosec.pub
[–] solidsnail@infosec.pub 1 points 9 months ago

That is very true.
I do think that there's more depth to it than that. For example, dealing with it on the end of the terminal will probably break compatibility, and dealing with it on the app end will require every single dev to start sanitizing this. The challenges are real.

6
npm search RCE? - Escape Sequence Injection (blog.solidsnail.com)
5
npm search RCE? - Escape Sequence Injection (blog.solidsnail.com)
3
It’s not a Feature, It’s a Vulnerability (blog.solidsnail.com)
 

cross-posted from: https://infosec.pub/post/5707149

I talk about a report I've made to MSRC in the beginning of the year regarding vscode.

It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

9
It’s not a Feature, It’s a Vulnerability (blog.solidsnail.com)
 

I talk about a report I've made to MSRC in the beginning of the year regarding vscode.

It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

From Terminal Output to Arbitrary Remote Code Execution in c/security@lemmy.ml
[–] solidsnail@infosec.pub 1 points 1 year ago

( ͡° ͜ʖ ͡°)

From Terminal Output to Arbitrary Remote Code Execution in c/security@lemmy.ml
[–] solidsnail@infosec.pub 1 points 1 year ago (2 children)

Stopped you? Wdym?

6
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

7
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

7
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

3
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

6
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
 

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.