If I'm not wrong, this requires the victim to already have visited his own profile, right?
If the victim has used Keybase at any period without clearing their browser cache, and performed a user lookup that returned their own details (Lookup of letter "a" would return details for you if your name is "Anton")
This is specifically for the Chrome browser, right? Also, how did you manage to steal data? I mean, for every XHR request the browser gets a response, but it doesn't show it to you over the GUI due to SOP. Were you able to retrieve data from the browser with this, because in the pic you are sharing images of the network tab?
The response is from the browser cache, not the site itself since we can't include credentials because of their CORS policy. Yes the POC was just the network tab but I could've written some JS to log the response on my domain.
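A defender-side check prompted by the reply above, added here as an example and not code from the thread or from Keybase: the leak only works if the authenticated per-user response may be stored and replayed by the browser cache, so an audit of the response headers on per-user API endpoints spots the condition. Paths and headers below are constructed placeholders, and the caching rules follow the standard Cache-Control semantics (note that `private` does not stop the browser's own cache).

```python
from typing import Dict, List

def cache_directives(headers: Dict[str, str]) -> Dict[str, str]:
    """Parse the Cache-Control header into {directive: value}, case-insensitively."""
    raw = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    parsed = {}
    for part in raw.split(","):
        part = part.strip().lower()
        if part:
            name, _, value = part.partition("=")
            parsed[name.strip()] = value.strip().strip('"')
    return parsed

def browser_cache_reusable(headers: Dict[str, str]) -> bool:
    """True when the browser may store the body and hand it back for a later
    request to the same URL without contacting the server. That is what the
    thread relies on: a cross-origin no-cors request carries no credentials,
    yet receives the earlier authenticated body straight from the cache."""
    lowered = {k.lower(): v for k, v in headers.items()}
    d = cache_directives(headers)
    if "no-store" in d or "no-cache" in d:
        return False  # not stored, or stored but revalidated before reuse
    # 'private' only excludes shared caches; the browser cache still stores it.
    if "max-age" in d and d["max-age"].isdigit():
        return int(d["max-age"]) > 0
    # No explicit freshness: Expires or Last-Modified permits heuristic
    # caching (RFC 9111 section 4.2.2), so treat the body as reusable.
    return "expires" in lowered or "last-modified" in lowered

def audit(responses: List[Dict]) -> List[str]:
    """Return the paths of per-user responses a browser could replay from cache."""
    return [r["path"] for r in responses
            if r["per_user"] and browser_cache_reusable(r["headers"])]

# Constructed sample responses (placeholder paths, not captured from Keybase).
SAMPLE_RESPONSES = [
    {"path": "/api/user/lookup?q=a", "per_user": True,   # weak: cached 10 min
     "headers": {"Cache-Control": "private, max-age=600",
                 "Content-Type": "application/json"}},
    {"path": "/api/user/lookup?q=b", "per_user": True,   # hardened: no-store
     "headers": {"Cache-Control": "private, no-store",
                 "Content-Type": "application/json"}},
    {"path": "/api/me", "per_user": True,                # weak: heuristic caching
     "headers": {"Last-Modified": "Tue, 01 Jan 2019 00:00:00 GMT",
                 "Content-Type": "application/json"}},
    {"path": "/static/app.js", "per_user": False,        # public asset, fine
     "headers": {"Cache-Control": "public, max-age=31536000"}},
]

if __name__ == "__main__":
    print("Replayable per-user responses:", audit(SAMPLE_RESPONSES))
```

Adding `Cache-Control: no-store` to every authenticated JSON endpoint is the fix the check points at; the audit can be run over headers captured from a proxy or from the network tab.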
Awesome find, but does this attack require knowing the victim's username, or could the username parameter be empty?
I don't need to know their exact name, I could just put in the most common letter such as 'e' that exists in a name and chances are it'll hit.
For stealing data, I get that you are using @BitK_'s trick with the Chrome cache. But how did you manage to retrieve the data over the browser GUI?