One Article Review
| Source |  RedTeam PL |
|---|---|
| Identifiant | 1879304 |
| Date de publication | 2020-08-24 15:33:59 (vue: 2020-08-24 14:05:18) |
| Titre | Stealing local files using Safari Web Share API |
| Texte | DescriptionIn general Web Share API [https://w3c.github.io/web-share/] allows users to share links from the browser via 3rd party applications (e.g. mail and messaging apps). The problem is that file: scheme is allowed and when a website points to such URL unexpected behavior occurs. In case such a link is passed to the navigator.share function an actual file from the user file system is included in the shared message which leads to local file disclosure when a user is sharing it unknowingly. The problem is not very serious as user interaction is required, however it is quite easy to make the shared file invisible to the user. The closest comparison that comes to mind is clickjacking as we try to convince the unsuspecting user to perform some action.Below are the steps to reproduce the issue:1. Visit https://overflow.pl/webshare/poc1.html using |
| Envoyé | Oui |
| Condensat | /etc/passwd 111 14609 15609 2021 23/07/2020 24/07/2020 24/08/2020 24/08/202014/08/2020 3rd ;function about accessible achieve acknowledged action actual actually additional address after allowed allows almost already analyzed11/05/2020 announced api api:https://www app appearing apple apple21/04/2020 applications apps are asked asking attached attachment available because been behavior being below both bottom bottom:only browser browsing bug can candidate case cat catalina change check choice clarification click clickjacking closest code com/cat com/watch comes comparison conceptthis containing convince could cute dbbelow demonstrating demonstration demonstration: var descriptionin details different disclosure discovered display displayed:iosmail does down due easy exfiltrate exists extract file file: file:///etc/passwd file:proof filename files first fix follow following:file:///private/var/mobile/library/safari/history friends from function general get github gmail good got great:the had has have he/she here: history historyi how however html htmlaffected http://somerandomimagewebsite https://overflow https://w3c included information informed informing inspect intend interaction interesting investigate investigating invisible io/web ios issue issue11/06/2020 issue22/04/2020 issue:1 it” jpg just kitten leads like lines link links local looks macos macosmail mail make malicious message message:for message:messages messages messaging method methods mind mobile mojave months more navigator needed needs new nice not objections occurs only options opts order out party passed passwd perform pictures:the pl/webshare/poc1 pl/webshare/poc2 plan poc points post problem public publish published quite reasonable24/08/2020 received recipientsample replied reply reply02/07/2020 reply13/07/2020 reply21/07/2020 report reported reporting reproduce required responded result results reveal run safari safari 2 sample scenario scheme scroll scrolls security see seemed select selecting sensitive sent sent28/04/2020 serious share share/ shared sharing show shown side since small softwarethis some something soon spring status stealing steps such system tested text: them thought time timeline17/04/2020 today tricking try unexpected unknowingly unless unsuspecting update update02/08/2020 update13/05/2020 update17/08/2020 update29/04/2020 updated updates url url: used useful user users using v=zo389iwdit8and value version very victim video visit waiting web website well what when which will won would year youtube “obfuscated” “send “share |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.