Replacing WeTTY

https://wh0.github.io/2023/08/19/wetty-origin.html

Two years ago, I discovered a vulnerability in Glitch’s web terminal that allowed an attacker to steal a user’s authentication tokens when the user visits a specially crafted URL. This issue is now fixed.

I earlier posted about discovering a way to get root access on Glitch, mentioning that I had been researching something that an attacker with root access could do. It’s been almost two years since then, and here it is at last.

5 Likes

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.