Replacing WeTTY

Two years ago, I discovered a vulnerability in Glitch’s web terminal that allowed an attacker to steal a user’s authentication tokens when the user visits a specially crafted URL. This issue is now fixed.

I earlier posted about discovering a way to get root access on Glitch, mentioning that I had been researching something that an attacker with root access could do. It’s been almost two years since then, and here it is at last.


This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.