Thursday, 21 January 2021
quote [ Security Researcher RamaDhan found an Open Redirect vulnerability affecting sensibleendowment.com website and its users. ]
So was this ever fixed?!
Or is that why Reddit stopped mirroring 4 years ago?
|
lilmookieesquire said @ 12:51am GMT on 21st Jan
[Score:1 Funsightful]
God damn it Steele I have millions of dollars in BitPog keys stored in this site.
|
donnie said[1] @ 1:22am GMT on 21st Jan
Damn the BitPogs - what about my trade secrets and geopolitical kompromat?!
|
R1Xhard said[1] @ 9:34am GMT on 21st Jan
Awh pretty pogs, I'll trade you some tarzo's.
|
steele said @ 2:18am GMT on 21st Jan
[Score:1 Good]
Oh, and i stopped the reddit mirror because we were getting too many nazis from there.
|
lilmookieesquire said @ 4:28am GMT on 22nd Jan
Probably after my BitPogs. Those bastards.
|
steele said @ 2:16am GMT on 21st Jan
Lol, i "fixed" it. Which is to say every once in a while i'll catch someone overexploiting it and i hijack their redirects towards whatever site i'm in the mood to send bot traffic to.
|
avid said @ 6:23am GMT on 21st Jan
So, settle a bet for me:
When I posted this, did the PHP/perl in the backend have to process all previous posts?
|
R1Xhard said @ 9:38am GMT on 21st Jan
[Score:1 Underrated]
One would hope not, but with faster processing power "poor" code can be equated for.
|
steele said @ 11:40am GMT on 21st Jan
Long answer, there's a couple of checks it does. I can't remember if it checks the comment itself for duplicates, but it does check a randomized hash associated with your comment box for a duplicate to ensure that you didn't double smash the post button. But the short answer is yes.
|
avid said @ 1:54am GMT on 22nd Jan
So that's why it takes 15 seconds to post this reply?
If you want to prevent double-smash, just set a cookie "last-smash-time" and check it client side.
|
steele said @ 12:52pm GMT on 22nd Jan
One of the reasons.
Thanks, I'll look into it.
|
apomorph said @ 11:37am GMT on 22nd Jan
I mean, any chance this is related to our logins showing up in the Cit0day list?
|
steele said @ 12:52pm GMT on 22nd Jan
Nope. SE doesn't store your password in plaintext, nor has it ever been breached, as far as I'm aware.
|