U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
I've been playing with ImageMagick the last couple of days, some tricks I've learned: 1) IM delegates some intermediate processing to its "delegates" (duh). Default installs come with a *bunch* of them enabled by default. Let's see why this is an interesting feature:pic.twitter.com/sNBS6UDoEq
^ ImageMagick reads fake_jpg.jpg, identifies it as an HTML document, and calls "html2ps -U -o %o %i". This is a feature, we can leverage this on apps that only check file extension and delegate conversion to ImageMagick (e.g. webapp image file upload)
2) We can force ImageMagick to write controlled content to our output file. This is not bad per se, but again we can leverage this on apps that blindly accept the provided mime-type (stored XSS via image).
E.g. Everything you write after this payload gets reflected on the output: https://github.com/rshariffdeen/poc/blob/master/0004-imagemagick-dividebyzero-identify … haven't tried other methods like image metadata
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
