Facebook Messenger Desktop App Arbitrary File Read

  1. The attacker sends a malicious link to an unknown victim.
  2. The victim opens the Spam section and clicks the link.
  3. Using <webview>, we load an internal file.
  4. With <webview>.executeJavaScript(code), we steal its content.
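
A defensive control for steps 3 and 4, as an added example that is not code from the original post or from the Messenger app: an Electron main-process guard that refuses any <webview> attachment or navigation whose URL is not an allowlisted https origin, so a file: URL never loads. The origin in ALLOWED_ORIGINS and the function names are assumptions; the Electron `app` object is passed in by the caller.

```javascript
// Added example: hypothetical hardening for an Electron main process.
// ALLOWED_ORIGINS is an assumption; the original post lists no origins.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// True only for https URLs whose origin is explicitly allowlisted.
// file:, data:, javascript:, about: and malformed URLs are all rejected.
function isAllowedUrl(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return false;
  }
  return url.protocol === 'https:' && ALLOWED_ORIGINS.has(url.origin);
}

// Decision for Electron's 'will-attach-webview' event: strip risky
// preferences, then allow the <webview> only if its src passes the allowlist.
function vetWebview(webPreferences, params) {
  delete webPreferences.preload;
  webPreferences.nodeIntegration = false;
  webPreferences.contextIsolation = true;
  return isAllowedUrl(params.src);
}

// Wire the checks into an Electron `app` object supplied by the caller.
function installGuards(app, log = console.warn) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-attach-webview', (event, webPreferences, params) => {
      if (!vetWebview(webPreferences, params)) {
        log(`blocked <webview> src: ${params.src}`);
        event.preventDefault();
      }
    });
    contents.on('will-navigate', (event, target) => {
      if (!isAllowedUrl(target)) {
        log(`blocked navigation: ${target}`);
        event.preventDefault();
      }
    });
    // Links clicked in messages must not spawn new in-app windows.
    contents.setWindowOpenHandler(() => ({ action: 'deny' }));
  });
}
```

The log callback gives detection a hook: a blocked file: URL in a <webview> src is worth alerting on, since normal use of the app should never produce one.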



