Selenium Grid 4.11.0 Selenoid Backend Detection and Safe Session Validation Inspector

The provided Python script is a non-exploit reconnaissance and validation tool designed to identify Selenium Grid or Selenoid deployments exposed via HTTP APIs...

Selenium Grid/Selenoid Unauthenticated RCE

Selenium Grid and Selenoid expose a WebDriver API that allows creating browser sessions with arbitrary capabilities. When deployed without authentication the default for both, an attacker can achieve remote code execution through two browser-specific techniques: For Chrome, the goog:chromeOptions...

📄 Selenium Grid/Selenoid Unauthenticated Remote Code Execution

Selenium Grid and Selenoid expose a WebDriver API that allows creating browser sessions with arbitrary capabilities. When deployed without authentication the default for both, an attacker can achieve remote code execution through two browser-specific techniques: For Chrome, the goog:chromeOptions...

Mail.ru: Open Selenoid instance at 188.93.63.186 leads to LFR/SSRF.

Externally accessible Selenoid instance in Mail.Ru Games network was vulnerable to LFR and SSRF via URI injection...