We have confirmed this POC to work and in fact provide read access to a chosen file that the initiating user didn't have read access to. https://twitter.com/Evil_Polar_Bear/status/1075605011105767424 …
-
It is a race condition issue, and your race was lost :) Did you also try the desktop.ini from another user?
-
I've narrowed it down to: If you set the "Deny" permission for "Authenticated Users", this exploit will not successfully be able to read the file in question (it'll just peg the CPU and never return). How my one snapshot ended up with my "limited" user with full privs, ¯\_(ツ)_/¯ pic.twitter.com/jEsz5Xj01c