fox@vlemmy.net to Technology@beehaw.org • Be careful. New platforms invite bad actors.
1 year ago
you don’t need to be root to read /etc/passwd
However, the two Jumpsec Red Team members found that they could go around the restriction by changing the internal and external recipient ID in the POST request of a message, thus fooling the system into treating an external user as an internal one.
so they only do the check on client side. classic.
yup pretty sure
$ cat /etc/passwd
fox:hunter2:1000:1000::/home/fox:/usr/bin/zsh
😉