- cross-posted to:
- interestingreads@lemmonade.marbledfennec.net
- cross-posted to:
- interestingreads@lemmonade.marbledfennec.net
Found the error Not allowed to load local resource: file:///etc/passwd
while looking at infosec.pub’s communities page. There’s a community called “ignore me” that adds a few image tags trying to steal your passwd file.
You have to be extremely poorly configured for this to work, but the red flags you see should keep you on your toes for the red flags you don’t.
I cracked the BMC on my workstation motherboard by binwalking the publicly available firmware and finding, to my delight and dread, that the built in root user password was laughably weak. If a top5 motherboard manufacturer is still doing shit like that, users are too.
I also work in support and have seen first hand the bananas things people do, even smart people that should know better