@ee i feel like I am pretty notorious for hacking…. something. I can’t tell for anonymity purposes, but @micahlt knows who I am, and what I found….. a few vulnerabilitys in.
@ee i feel like I am pretty notorious for hacking…. something. I can’t tell for anonymity purposes, but @micahlt knows who I am, and what I found….. a few vulnerabilitys in.
What, is it one of my projects? Or the scratch project archive? Or smth else?
I hacked a Micahlt project. I will reveal no more for anonymity.
Xss?
m a n y xss
Oof
Was it hard to hack?
No… it was a mess. 99% of all user input was not sanitized.
Must have been hastily built bc Micah doesn't usually make stuff that badly, and its actually really easy to sanitize input. Even just a RegEx can do a lot
It was one of his biggest and most popular projects.
:O did i overestimate him?
yes. and after all the vulnerabilities were fixed, and he had an amazing developer friendly site, he… completely restarted the project. :clap:
And someone else found a vulnerability that allowed you to log into anyones account.
Is it itchy?
I am not confirming nor denying any questions about what project it is. Remember, anonymity.
Ok, l understand sorry
It’s a bug in Modchat. You’re right, I don’t do things hastily, but I do have no idea what I’m doing when it comes with security. Modchat is the first standalone app I’ve built that requires me to save usernames and passwords, and it’s been a big learning curve for me. As far as restarting the project, the original Modchat’s codebase was absolutely awful and not maintainable. We started over and I’m much happier about where the code is now.
Oh oof sorry about that
No problem - we're aware of the current vulnerability and we're working on a fix at the moment.