lpi1.bsky.social
@lpi1.bsky.social
I hope it's gonna be a Fortinet zeroday, I'd like to see De Niro do /../ and then bypass the fix with /..;/
December 24, 2024 at 7:26 AM
The question I often face handling that kind of bug is whether having to target a specific user (admin) with social engineering would make the attack complexity High or is User interaction "required" enough here to have a realistic CVSS score.
November 15, 2024 at 10:00 AM
In my opinion PR is None as it is a reflected XSS, the attacker does not need privileges to craft the payload and send it to an admin.
November 15, 2024 at 9:56 AM