Conversation
#directoryTraversalMemes seem to become a classic, but I wonder if anyone has a list of specific payloads that trigger the different vulnerabilities of recent memory?

/cc @reverseics @cR0w
@cR0w @reverseics My theory is that a) URLs are the new filesystems and b) abstracting away control ("..") from data ("etc") would have an unacceptable overhead compared to SQL (ORMs) or even HTML (DOM sanitizers), so the memes are here to stay :)
@GossiTheDog @reverseics @cR0w Great you chime in! Any plans to release that x-user Recall exploit you talked about?

https://infosec.place/notice/AieinAN5CpyKNShdvE
@GossiTheDog @reverseics @cR0w But could *non-admin* users access the DB of *other* users? SQLite or not, this should not be possible (in general...). If it was possible back then (as it was suggested by you and articles based on your comments), then now would be the best time for all to see what the problem was to check if the same or similar problem is present in the implementation that is to be released.
@GossiTheDog @reverseics @cR0w Thank you for the clarification!