|
@vm_call | |||||
|
I wonder if vs project arbitrary code execution is another wont-fix🤔 pic.twitter.com/bN4BKgfVUQ
|
||||||
|
||||||
|
Carl Schou / vm
@vm_call
|
30. pro |
|
You can even infect Github repositories if you have commit privileges as .gitignore's usually don't cover this
|
||
|
|
||
|
Carl Schou / vm
@vm_call
|
30. pro |
|
@alert_insecure and no, I didn’t pop calc because that’s for info sec nerds like @fritzboger
|
||
|
|
||
|
Mickey
@HackingThings
|
31. pro |
|
probable resolution:
"You should only open projects from a trustworthy source"
|
||
|
|
||
|
Carl Schou / vm
@vm_call
|
31. pro |
|
Yes but that’s not really a resolution, if you’re cloning something from git, your intention is to view the source code, and some generic prompt won’t stop you from doing that
|
||
|
|
||
|
HoangSpecial
@SpecialHoang
|
31. pro |
|
This was always a known thing in project's file is it not? Just give a quick look around project file and solution file before opening.
|
||
|
|
||
|
GuidedHacking
@GuidedHacking
|
31. pro |
|
Same , I open all the project files in notepad++ before I open any project I download, can't trust anyone... especially this Hoang guy ^😅
|
||
|
|
||
|
Architect
@CitadelArcho
|
1. sij |
|
There seems to be quite a few ways of doing this, what makes this special?
|
||
|
|
||
|
ptim
@ptim__
|
31. pro |
|
nothing new, public for years, hackforums.net/showthread.php… people did this in 2015.
|
||
|
|
||