
im too lazy to test so i need testers for new update --- badge and 1k mbux for each bug u find :marseycapy:

https://devrama.net/?s=

just go to https://devrama.net and make an account and test all functions of the site, and comment here if u find anything broken

the badge in question:

![](https://rdrama.net/i/badges/7.webp?b=6)

devrama features (not a bug):

  • everyone is janny

  • everyone has 1000000 coins and mbux

known bugs (specific to devrama, not worth fixing tbh):

  • The roulette board is missing completely

  • Casino leaderboards are blank and won’t change

merry christmas!

EDIT: apparently this needed to be said, if you find a security vulnerability, pls DM me, don't actually use it or comment about it in this thread


> EDIT: apparently this needed to be said, if you find a security vulnerability, pls DM me, don't actually use it or comment about it in this thread


:#marseytroublemaker:


:marseyxd:


Why do you hate fun?

:#marseydisagree:


☹️🤧


Ok

My first bug is that I can’t get in the site

![](/images/16721084164736087.webp)


not a bug, just too much traffic lol


can I still get the badge tho


nope


Can you give it to me for literally no reason?


nein


:marseysulk:


even I have a bug badge lol


imagine not having the "literally just find a typo" badge. I've noted like three others so far that I won't report simply due to the fact that they're not bugs, but I'd get treated as if they were.


:#marsey:


what’s up with this?

![](/images/16721118294775498.webp)


elaborate

where do u see this


it's a screen-cap from my phone


All me :marsey57:

![](/images/16721155178704598.webp)


You should let carp do it. He breaks everything he touches


:#marseycarpjannie2:


Is it planned to be crypto-only in the future to be a paypig?

![](/images/16721085616041358.webp)

Also, I made an account and not a janny, not sure if that’s a bug or not since you said everyone would be a janny.


https://i.rdrama.net/images/17269312543163126.webp


> Is it planned to be crypto-only in the future to be a paypig?

no lol

> Also, I made an account and not a janny, not sure if that’s a bug or not since you said everyone would be a janny.

fixed king, bounty paid


:#chadthanksqueencapy:


https://i.rdrama.net/images/17269312543163126.webp


An Egyptian requesting unpaid labor for a frivolous reward with no actual benefit? Where have I read this in history books :marseyhmm:


:#marseycapypharaoh:

:#marseycracka: :#marseyjewish:


Chuds it is imperative we gain control of devrama

![](/images/16721089490362413.webp)


I got grass awarded :marseycry:


sry bb, It was my golden chance to sperg


It’s ok

![](/images/16721100546646857.webp)


this 1 notification keeps on popping up upon visiting my notifications, usually once or twice.

![](/images/16721144264201138.webp)


fixed king, bounty paid


s*gh next exploit goes on the dark web

Surely there's a market


use DMs for shit like this next time


I couldn't find the dm button on mobile lol


![](/images/1672117974649164.webp)


Sounds like a ux issue to me


sounds like u need some bussy pounding to me

:hump:


I got the same but 2 instead


fixed king, bounty paid


That means I got javascript to execute in your browser, you're lucky I'm too lazy to check if they setup CORS properly or otherwise exploit this in any way


There’s a bug where not enough people upmarsey my funniest jokes


that's def a feature


I tested it for 5 minutes and it’s good to go!

:#chadfixedkingcapy:


https://files.catbox.moe/y2zrro.png https://i.rdrama.net/images/172082001273549.webp


Care to explain this codecels?

![](/images/16721133012454925.webp)


Similar bug but on drama chat, could be actual XSS vector but im too lazy to check


Similar but shadowban reason IS an XSS vector


@Jinglevann this counts as responsible disclosure right


lol not even close

u get nothing


lol

:#marseysmug3:


Wtf i followed all the rules you set


Im not gonna click that lmao


> Similar bug but on drama chat, could be actual XSS vector but im too lazy to check

chat seems fine to me ?


Though it does let you do html elements, link attacks are maybe possible I guess


only specific html elements and attributes are allowed

`<script>` obv isnt


If href works you can pretend a link is going one place but send them another


it does not


Thinking about it more, if you have a redirect url or query parameter that redirects on the site without a whitelist you can use the src attribute of the image tag to similar effect


hence why @TwoLargeSnakesMating (rip) GREATLY reduced the scope :marseypedosnipe: of what's allowed to embed. the idea is that we'll allow media :marseyjourno: proxies (but ideally not) but not anything :marseycoleporter: that has an open redirect


we don't have that lol


Based and unhackable-pilled


I wouldn't allow any if I were you, always get broken imo


Yeah it stripped the tags, I wasn't exactly putting a lot of effort into blackbox testing from my phone


Most comment previews allow you to xss yourself, its not really exploitable unless you manage to get it to execute after posting. Not sure if the jannies consider it a real vuln.


it isn't a vulnerability if you're only attacking yourself

you can also write :marseychudnotes: a file that is `<html><body><script>alert('whatever');</script></body></html>`, save it as xss.html and then :marseytransflag: open it to get the same effect


Most comment previews allow you to xss yourself, its not really exploitable until its exploitable


Two issues:

  1. emoji picker's transparency is red for some reason?

  2. Zombiewolf in anyone's favorites.

![](/images/1672109170345446.webp)


https://i.rdrama.net/images/17187151446911044.webp https://i.rdrama.net/images/17093267613293715.webp https://i.rdrama.net/images/17177781034384797.webp


> emoji picker's transparency is red for some reason?

cuz of xmas theme

> Zombiewolf in anyone's favorites

feature, read the text in the screenshot above the emojis


stop trying to make zombie wolf happen :#marseylegion::#marseyvorezombiewolf::#marseyzombiewolftrample:


im not, take it up with @DrClaus

trans lives matter

:#trumpjaktalking:


Wtf?? I HATE @DrClaus now :#marseybeanangry:


:#platysarcasm::#platymicdrop:

The Platyreich is coming, you cannot avoid it. @Platybells discuss


We used to rule the dramaverse and will do so again :platyking:

![](https://media.giphy.com/media/ETV4MRojrqsve/giphy.webp)


:#marseysal:


Reading is ableist. Also it used to show all anton-d's emojis, not only wolf :marseythonk: and in fact it still does (tested in an incognito window :marseyglow:)

discuss


r u testing on {{{firefox}}}

try on chrome

trans lives matter


It works on Chrome too

FIRE-FOXES LIVES MATTER


K I'll test it later


Hi @Jinglevann,

Your comment has been automatically removed because you forgot to include trans lives matter.

Don't worry, we're here to help! We won't let you post or comment anything that doesn't express your love and acceptance towards the trans community. Feel free to resubmit your comment with trans lives matter included.

This is an automated message; if you need help, you can message us here.


Profile background upload no longer makes it your profile's background. Pic is the same I use here

![](/images/16721094965718405.webp)


https://i.rdrama.net/images/17187151446911044.webp https://i.rdrama.net/images/17093267613293715.webp https://i.rdrama.net/images/17177781034384797.webp


Goombling biggest winner/losers is broken at least in slots

![](/images/16721100571913774.webp)


https://i.rdrama.net/images/17187151446911044.webp https://i.rdrama.net/images/17093267613293715.webp https://i.rdrama.net/images/17177781034384797.webp


![](/images/1672111654553469.webp)


When trying to create a post to a hole (self post, no text) I got a "leave site" dialog box as if I tried to close the tab when I had entered text (it still made the post though)


https://i.rdrama.net/images/17187151446911044.webp https://i.rdrama.net/images/17093267613293715.webp https://i.rdrama.net/images/17177781034384797.webp


> self post, no text

what do you mean by this


https://devrama.net/h/created-a-hole-club-wow/post/79/post-about-cool-holes-you-created

This was the post, I guess I did put text in there. Screenshot is what happens when I try to post in a hole (Brave, Win10 if that matters). The browser gets angry when I ignore the popup, but it makes the post if I click "leave". Seems to otherwise post normal- https://devrama.net/h/created-a-hole-club-wow/post/121/testing-xd

I guess the browser thinks you're leaving the page with a filled, but unsubmitted form when it redirects you after you click post or something? It didn't happen when I made a test post to the main feed earlier. IDK if other people had the same thing or not.

![](/images/16721193514632485.webp)


https://i.rdrama.net/images/17187151446911044.webp https://i.rdrama.net/images/17093267613293715.webp https://i.rdrama.net/images/17177781034384797.webp


i changed my mind, its a bug, bounty paid king


> Profile background upload no longer makes it your profile's background. Pic is the same I use here

feature for xmas theme
