This is how it's supposed to be done!

Also, the "Practical Exploitation Example" given in the article does nothing. It just calls the tool (supposedly the "vulnerable" one from above) with the payload {"title": "test", "severity": high"} and returns the output. This simply calls notify-send with the argument "test - high". Nothing bad happens and no RCE is demonstrated.

Can I call this a #vibesploit?

🧵 2/3