module
Selenium arbitrary file read
| Disclosed | Created |
|---|---|
| Oct 1, 2020 | Jan 8, 2025 |
Disclosed
Oct 1, 2020
Created
Jan 8, 2025
Description
If there is an open selenium web driver, a remote attacker can send requests to the victims browser.
In certain cases this can be used to access to the remote file system.
In certain cases this can be used to access to the remote file system.
Authors
Jon Stratton
Takahiro Yokoyama
Takahiro Yokoyama
Platform
Cisco,Linux,OSX,Unix,Windows
Architectures
x86, x86_64, x64, mips, mipsle, mipsbe, mips64, mips64le, ppc, ppce500v2, ppc64, ppc64le, cbea, cbea64, sparc, sparc64, armle, armbe, aarch64, cmd, php, tty, java, ruby, dalvik, python, nodejs, firefox, zarch, r, riscv32be, riscv32le, riscv64be, riscv64le, loongarch64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.