Facebook Messenger Desktop App Arbitrary File Read

  1. Attacker sends a malicious link to an unknown victim
  2. Victim opens the Spam section and clicks the link
  3. Using <webview> we load an internal file
  4. With <webview>.executeJavaScript(code) we steal its content
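
A defensive counterpart to steps 3 and 4, added here as an example and not taken from the original write-up or from Messenger's code: a guard on Electron's will-attach-webview event that refuses to attach a <webview> whose src is not an allowlisted https origin, so a file: URL never loads. The origin https://app.example.com and the function names are assumptions for illustration.

```javascript
// Added example: guard for Electron's 'will-attach-webview' event.
// Hypothetical allowlist; replace with the origins your app really embeds.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Returns true only for https URLs on an allowlisted origin.
// file:, data:, javascript: and unparsable values are all rejected.
function isAllowedWebviewSrc(src) {
  let url;
  try {
    url = new URL(src);
  } catch {
    return false;
  }
  return url.protocol === 'https:' && ALLOWED_ORIGINS.has(url.origin);
}

// Handler for 'will-attach-webview': strips risky preferences first, then
// vetoes the attach when the requested src is outside the allowlist.
function onWillAttachWebview(event, webPreferences, params) {
  // A preload script runs with more privileges than the guest page.
  delete webPreferences.preload;
  webPreferences.nodeIntegration = false;
  webPreferences.contextIsolation = true;
  if (!isAllowedWebviewSrc(params.src)) {
    event.preventDefault(); // the <webview> is never attached
  }
}

// Wires the guard into every WebContents the app creates.
// In a real main process, pass require('electron').app as `app`.
function installWebviewGuard(app) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-attach-webview', onWillAttachWebview);
  });
}
```

The guard only checks the src requested at attach time; an app that does not need <webview> at all can leave the webviewTag preference disabled instead.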

Renwa
