filmov
tv
Brave Desktop - OS Command Injection
Показать описание
Vulnerabilities type : OS Command Injection (Patched)
Effected : Desktop applications
The issue is in the way the application handles website TLDs. typically in windows, .com represents an application, much similar like .exe - when Brave saves a website (Ctrl+S) - it uses the name of the website. For PoC purpose I used .bat TLDs because they are much easier to show a poc with instead of binary application garbage data. In Windows, Microsoft warns users when they execute applications that are downloaded, this can simply be bypassed by sending filenames with words like Update or Setup... yeah, I can't believe this works too.
Effected : Desktop applications
The issue is in the way the application handles website TLDs. typically in windows, .com represents an application, much similar like .exe - when Brave saves a website (Ctrl+S) - it uses the name of the website. For PoC purpose I used .bat TLDs because they are much easier to show a poc with instead of binary application garbage data. In Windows, Microsoft warns users when they execute applications that are downloaded, this can simply be bypassed by sending filenames with words like Update or Setup... yeah, I can't believe this works too.
0:00:56
0:03:13
0:00:14
0:01:30
0:00:12
0:03:29
0:02:14
0:00:42
4:21:10
0:13:22
0:01:38
0:08:04
0:03:47
0:00:45
0:00:16
0:03:26
0:02:32
0:00:29
0:04:58
0:01:34
0:02:25
0:07:29
0:01:03
0:01:29