Found a Cross-Site Websocket Hijacking bug that lets me read directory listings for any folder. This was an application I installed which happened to be running a Node.js daemon on localhost and communicating via WebSockets. Always be suspicious of apps that run on localhost.
No server-side function to exfiltrate file contents that I could find. There is a path to RCE via ffmpeg but I don't have the time. I sent the report through this morning as the root cause is websocket hijacking.
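The handshake checks whose absence makes a localhost WebSocket daemon hijackable from any web page, as an added example that is not part of the original thread or the affected application's code. The port, allowlists, token scheme and function names are hypothetical.

```javascript
// Added example. ALLOWED_ORIGINS, ALLOWED_HOSTS, checkUpgrade and the
// ?token= parameter are hypothetical; port 8080 is a constructed value.
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:8080', 'http://localhost:8080']);
const ALLOWED_HOSTS = new Set(['127.0.0.1:8080', 'localhost:8080']);

// Length-independent string comparison, so the token check does not leak
// how many leading characters matched.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Decide whether an HTTP Upgrade request may become a WebSocket session.
// headers: Node's lower-cased req.headers; url: req.url;
// expectedToken: per-install secret handed only to the app's own UI.
function checkUpgrade(headers, url, expectedToken) {
  // Host allowlist: rejects DNS rebinding, where a foreign name resolves to 127.0.0.1.
  const host = String(headers.host || '').toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, status: 403, reason: 'bad host' };

  // Browsers always send Origin on a WebSocket handshake, and page script
  // cannot forge it. "null" (sandboxed frame, file://) fails to parse and is rejected.
  if (headers.origin !== undefined) {
    let origin;
    try { origin = new URL(headers.origin).origin; } catch { origin = null; }
    if (!ALLOWED_ORIGINS.has(origin)) return { ok: false, status: 403, reason: 'bad origin' };
  }

  // Non-browser clients send no Origin, so Origin is not authentication:
  // every session must also present the secret.
  const token = new URL(url, 'http://placeholder.invalid').searchParams.get('token') || '';
  if (!expectedToken || !constantTimeEqual(token, expectedToken)) {
    return { ok: false, status: 401, reason: 'bad token' };
  }
  return { ok: true, status: 101, reason: 'accepted' };
}

// Wiring sketch: in the http server's 'upgrade' handler, call
// checkUpgrade(req.headers, req.url, TOKEN) and close the socket with the
// returned status before handing it to the WebSocket library unless ok is true.
```
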