3 points | by faxmeyourcode 6 hours ago
3 comments
I am not the author of this post. The exploration of the scheme-based sandbox permissions DSL was interesting to me. It's a classic issue of a custom parser with bad input validation.
Thanks for sharing! Yes, it's a textbook vulnerability that was really quite trivial to exploit.
It was a fun read - digestible for those of us without a ton of experience in advanced security background knowledge.