Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open Selenium Web Driver Module #19753

Open
smcintyre-r7 opened this issue Dec 19, 2024 · 0 comments
Open

Open Selenium Web Driver Module #19753

smcintyre-r7 opened this issue Dec 19, 2024 · 0 comments
Labels
suggestion-module New module suggestions

Comments

@smcintyre-r7
Copy link
Contributor

If there is an open selenium web driver, a remote attacker can send requests to the victims browser. In certain cases this can be used to set command line flags for the browser which can sometimes be used for command injection. When command injection fails, the local file system can still be accessed using the file:// URI.

If the command injection can be tested and confirmed in cases, that would make for a nice exploit module. Access to the remote file system could be a separate, auxiliary module.

References:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
suggestion-module New module suggestions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@smcintyre-r7