Conversation
#directoryTraversalMemes seem to be becoming a classic, but I wonder if anyone has a list of the specific payloads that trigger the different vulnerabilities of recent memory?

/cc @reverseics @cR0w

@buherator @reverseics Not that I know of, but that would be a nice resource. I certainly never expected the thing to go on as long as it has, but the memeing will continue until the code improves.

@cR0w @reverseics My theory is that a) URLs are the new filesystems and b) abstracting away control ("..") from data ("etc") would have an unacceptable overhead compared to SQL (ORMs) or even HTML (DOM sanitizers), so the memes are here to stay :)
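The "control vs. data" problem in the post above, as an added example that is not part of the thread: a path-resolution helper that decodes the user-supplied path (repeatedly, so double encoding cannot hide ".."), normalises separators, canonicalises with realpath and then checks containment under the web root. It is exercised against a small set of constructed traversal payloads (classic "../", backslash, single- and double-URL-encoded, null-byte and the "....//" filter-evasion form). The root path "/srv/www/static" and the payloads are assumptions for illustration; nothing here is from the original posts or from any specific product.

```python
import os
from typing import Dict, Optional
from urllib.parse import unquote

# Constructed sample payloads for illustration (not taken from the thread).
PAYLOADS = [
    "images/logo.png",              # benign
    "../etc/passwd",                # classic
    "..\\..\\windows\\win.ini",     # backslash separators
    "%2e%2e/%2e%2e/etc/passwd",     # URL-encoded dots
    "%252e%252e%252f",              # double-encoded "../"
    "foo/../../etc/passwd",         # climbs out via a legitimate-looking prefix
    "/etc/passwd",                  # absolute path
    "static.txt%00.jpg",            # null byte after a decoded filename
    "....//....//etc/passwd",       # defeats a filter that strips "../" once
]


def resolve_under_root(root: str, user_path: str, max_decode: int = 3) -> Optional[str]:
    """Return the canonical filesystem path for user_path inside root, or None if it escapes.

    The decision is made on the canonicalised path, not on string patterns,
    so the "....//" trick is simply treated as a directory literally named "....".
    """
    # Decode until stable (bounded) so "%252e" -> "%2e" -> "." is seen as a dot.
    decoded = user_path
    for _ in range(max_decode):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt

    # Embedded NUL would truncate the name in C-level APIs; reject outright.
    if "\x00" in decoded:
        return None

    # Treat backslashes as separators, as Windows file APIs do.
    decoded = decoded.replace("\\", "/")

    # Absolute paths are never a valid reference into a served directory.
    if decoded.startswith("/"):
        return None

    root_abs = os.path.realpath(root)
    # realpath collapses "..", "//" and "." and resolves symlinks, so a symlink
    # inside root that points outside it is rejected by the containment check too.
    candidate = os.path.realpath(os.path.join(root_abs, decoded))

    if candidate == root_abs or candidate.startswith(root_abs + os.sep):
        return candidate
    return None


def classify(root: str, payloads=PAYLOADS) -> Dict[str, bool]:
    """Map each payload to True if it would escape root (i.e. is rejected)."""
    return {p: resolve_under_root(root, p) is None for p in payloads}


if __name__ == "__main__":
    for payload, escaped in classify("/srv/www/static").items():
        print(f"{'REJECT' if escaped else 'allow '}  {payload!r}")
```

Note that the check is done on the result of canonicalisation rather than by looking for ".." in the input, which is why the last payload is allowed: after normalisation it names a real (if oddly named) subdirectory of the root, which is the behaviour you want from a containment check rather than from a blocklist.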

@buherator @reverseics At least we can keep ourselves entertained while we watch it all burn. [dumpster fire gif]

@GossiTheDog @reverseics @cR0w Great that you chimed in! Any plans to release that x-user Recall exploit you talked about?

https://infosec.place/notice/AieinAN5CpyKNShdvE
@GossiTheDog @reverseics @cR0w But could *non-admin* users access the DB of *other* users? SQLite or not, this should not be possible (in general...). If it was possible back then (as it was suggested by you and articles based on your comments), then now would be the best time for all to see what the problem was to check if the same or similar problem is present in the implementation that is to be released.
@GossiTheDog @reverseics @cR0w Thank you for the clarification!