#DirectoryTraversal

Easter has been hacked. #directorytraversal

[Image: A hard-boiled egg with "../" on it. Sanitize your inputs!]
2025-04-16
I've been wondering for a long time if #DirectoryTraversal vulnerabilities could be mitigated by a safe path handling library (similarly to e.g. ORMs). As a side-quest, I started to implement a prototype for Python, and I'm super interested in your unfiltered opinions:

https://github.com/v-p-b/SafePath/
🛡 H3lium@infosec.exchange/:~# :blinking_cursor: @H3liumb0y@infosec.exchange
2023-10-17

"🔍 Deep Dive into XorDDoS Behavior 🧠"

Before compromising a device, the XorDDoS Trojan initiates a scanning process using HTTP requests to identify potential vulnerabilities. The attackers probe for an HTTP service susceptible to directory traversal, aiming to access the /etc/passwd file. Once vulnerabilities are identified, the attackers use SSH brute-force attacks to gain initial access, followed by malware deployment. The Trojan employs XOR encryption for data related to its execution and communicates with C2 servers, awaiting commands.

The XorDDoS Trojan continues to pose a threat by evolving its tactics, and comprehensive security measures are necessary to mitigate its impact.

Please see the source for more details and an extensive list of IoCs!

Source: Palo Alto Networks - Unit 42

Tags: #XorDDoS #TrojanBehavior #HTTPScanning #DirectoryTraversal #SSHBruteForce #Encryption #C2Communication 🕵️‍♂️🔒🌍

Christopher Bauer :debian: :i3wm: :blobcatthinkingglare: @anthro_packets@infosec.exchange
2023-08-09

I was today years old when I first learned that Windows hosts accept both ..\ *and* ../ for executing local file inclusion.

Whoa. :blob_gnikniht: #directorytraversal #pentesting

2023-07-06

Grafana Attack Surface: How a Visualization and Monitoring Platform Can Expose Your Organization's Data and File System to Attackers

Article: hadess.io/grafana-attack-surfa

#grafana #ssrf #directorytraversal #bugbountytips

2018-06-06

Zip Slip: a sneaky way to install malware using zip and other packing utilities boingboing.net/2018/06/06/zip- #directorytraversal #security #infosec #youtube #zipslip #videos #Video #floss
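The three threads above (a safe path handling library for Python, Windows accepting both `..\` and `../`, and Zip Slip) all come down to one check: resolve an untrusted relative path against a base directory and refuse anything that lands outside it. The code below is an added illustration of that check, not part of any post here and not the SafePath project's own code; the base directory `/srv/uploads`, the file names and the in-memory archive are constructed samples.

```python
"""Confine untrusted paths to a base directory (added illustration, not SafePath code)."""
import io
import os
import posixpath
import zipfile

class PathTraversalError(ValueError):
    """Raised when an untrusted path would escape the base directory."""

def safe_join(base: str, untrusted: str) -> str:
    """Join an untrusted relative path onto base, refusing any escape."""
    # Treat '\\' as a separator too: Windows hosts accept both '..\\' and
    # '../', so a '/'-only check would wave '..\\..\\' straight through.
    rel = untrusted.replace("\\", "/")
    # Reject NUL bytes, absolute paths and drive-letter prefixes outright.
    if "\x00" in rel or rel.startswith("/") or rel[1:2] == ":":
        raise PathTraversalError(f"absolute or malformed path: {untrusted!r}")
    # Collapse '.' and '..' lexically; refuse anything still climbing above base.
    norm = posixpath.normpath(rel)
    if norm == ".." or norm.startswith("../"):
        raise PathTraversalError(f"escapes base directory: {untrusted!r}")
    base_abs = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_abs, *norm.split("/")))
    # Final guard after symlink resolution: target must stay under base.
    if os.path.commonpath([base_abs, target]) != base_abs:
        raise PathTraversalError(f"escapes base directory: {untrusted!r}")
    return target

def is_confined(base: str, names: list[str]) -> bool:
    """True only if every name resolves under base. Vetting an archive's whole
    entry list first lets one hostile entry reject it before any write."""
    try:
        for name in names:
            safe_join(base, name)
        return True
    except PathTraversalError:
        return False

def zip_entry_names(zip_bytes: bytes) -> list[str]:
    """Entry names exactly as stored in the archive, nothing sanitised."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()]

def make_zip(entries: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory archive; hostile names are stored as-is."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Note that the lexical check alone is not enough (a symlink inside the base can still point outside it), which is why the resolved target is compared against the resolved base as a last step.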

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst