+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2025-05-24 (/Thread-HackerOne-Disclosed-Reports-2025-05-24)
HackerOne disclosed reports - 2025-05-24 - hashXploiter - 05-25-2025
Medium
resolved
resolved
WASI sandbox escape via symlink
Bug reported by Jesse Wilson was disclosed at May 24, 2025, 10:33 am | Privilege Escalation
A WASI + WASM program was discovered to be able to use `path_symlink` to read arbitrary files on the host machine by creating a symlink in a preopen to a different location on the local file system, thereby escaping the WASI sandbox.