It appears that Safari does not enforce any kind of access restrictions for XMLHttpRequests on file: scheme URLs. As a result, any HTML file on the local file system that is opened in Safari can read any file that the user has access to (and, of course, it can upload those files too). Here's a little proof-of-concept. Copy and paste this into a local HTML file and open it in Safari. It will display the contents of /etc/passwd.
<script src="https://code.jquery.com/jquery-2.1.3.min.js"></script>
<script>
(require :webutils)
(ensure-http-server 1234)
(defv ti1 (textinput :ti1))
(defv ti2 (textarea :ti2 40 5))
(defv pwi (pwinput :pwi))
(defv ta (textarea :ta1 80 5))