full receipts for why @transb-word was banned

first:

https://i.rdrama.net/images/17077252463240108.webp

second:

https://i.rdrama.net/images/17076194525278323.webp

third:

https://pomf2.lain.la/f/5g9g3hj1.jpg

btw the "exploit" was pretty nothingburger in the end and was fixed, so don't worry about that

!metashit !codecels !jannies

223
Jump in the discussion.

No email address required.

Can someone explain what @transb-word thought xer exploit could do? Even if it was nothing in the end, wtf was it?

For all I know it could be a way to steal everyone's password or something


she thought you could run remote javascript with it, which would allow the attacker to run a keylogger on your browser or do other harmful shit like that

more info on that: https://en.wikipedia.org/wiki/Cross-site_scripting

in reality, the most harm it could do was just change the page layout a bit (due to our CSP), and that was fixed now


Does this have anything to do with why we have to make an account to browse the site now and why this cloudflare message shows up?


only so far as "Capybaras can't make a functional website"


:#marsey:


we're being DDOS'd intermittently

https://i.rdrama.net/images/1707743882687982.webp


Directly Determined Of Shitcode :marseyindignant:


:#marsey:


Any idea who's doing it? :lizfongjones:?


not a clue


I might be doing so unintentionally, my VPN has really volatile reactions with my mobile network.


nope


What the frick is CSP?

God darn codecels and their acronyms


:ca#pylove:


You shouldn't coddle the weblets.


Contain, Secure and Protect


There :marseycheerup: has to be an SCP about dyslexia


Child Service Protection


Coochie Security Policy


dang. u have to imagine with me because there's impressionable youths in my vicinity but I'm imagining going to an image search and finding a picture of a hot chastity belt, and inserting that here as a comment


:marseyyikes:

wtf ban all programmer socks users immediately


(the following is not backed by any reputable authority)


i'm pretty sure most browsers at this point take extra measures to stop this attack, or at least cut it off from websites outside of the attack domain (in this case rdrama)

otherwise anyone could just get u on a website that's secretly theirs and frick up ur whole shit like scrape up ur bank details and other doxx info.

the really annoying thing is the keylogging which means they'd be able to see ur DM's as you type them.

or if an admin gets caught they can turn every click of a mouse into a "ban last user who posted" event


that's good if xhe is too much of a brainlet to get around those extra measures. not that it matters, i'm perma-logged in and idc about ppl in my DMs.

still, all valids need to be banned for even thinking of doing brazen shit like that


>or if an admin gets caught they can turn every click of a mouse into a "ban last user who posted" event

This should be implemented as a 1:10000000 chance event just for funsies

There's a precedent for it too, when /r/drama banned 90% of subscribers at random during their 100k celebration (that i got banned during)


no you didn't


:#marsey:


https://i.rdrama.net/images/17077432322586281.webp


faked image


:#marsey:


:marseycope:


Once again the Pharaoh is protecting his many subjects with his wisdom.

Thank you Moon and Stars :capypharaoh: :marseykneel:


Is the part about a "crafted media file which also happens to be valid JS" just bullshit?

trans lives matter


yeah bullshit for 2 reasons

  • we re-encode all video files to .mp4

  • nginx automatically sets a content-type of "video/mp4" to all videos we serve

so you can't really do that

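The two reasons above (uploads are re-encoded to .mp4, and nginx always serves them as `video/mp4`) plus the CSP mentioned earlier are exactly what turn a "media file that is also valid JS" into a nothingburger. The snippet below is an added example written for this thread, not rdrama's or nginx's code: it checks that a stored upload really is an MP4 container before it is served, builds the response headers that keep a browser from ever treating the bytes as script, and parses a CSP header to report whether it would block inline script. The sample bytes and the CSP strings are constructed for the example; rdrama's real policy is not on this page.

```python
"""Added example (not rdrama's code): three defensive checks for serving
user-uploaded video without it ever executing as JavaScript."""
import struct

# Constructed sample inputs (not real uploads).
# Minimal ISO BMFF header: a 24-byte 'ftyp' box followed by an empty 'moov' box.
GOOD_MP4 = (b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2"
            + b"\x00\x00\x00\x08moov")
# A text file that a browser could parse as a script if served as text/html
# or application/javascript; it is not an MP4 container.
POLYGLOT_TEXT = b"/* not really a video */ alert(1);"


def is_mp4(data: bytes) -> bool:
    """True if the bytes start with a well-formed 'ftyp' box (MP4/ISO BMFF).
    A transcoder output always starts this way; arbitrary text never does."""
    if len(data) < 12:
        return False
    box_size = struct.unpack(">I", data[:4])[0]  # big-endian box length
    return data[4:8] == b"ftyp" and 8 <= box_size <= len(data)


def response_headers_for_video(data: bytes) -> dict:
    """Headers to serve a verified MP4. The fixed Content-Type is what nginx
    does for rdrama's videos; nosniff stops browsers from second-guessing it."""
    if not is_mp4(data):
        raise ValueError("refusing to serve: not an MP4 container")
    return {
        "Content-Type": "video/mp4",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "inline",
    }


def parse_csp(header: str) -> dict:
    """Split 'directive src src; directive src' into {directive: [sources]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0]] = parts[1:]
    return policy


def csp_blocks_inline_script(header: str) -> bool:
    """Does this CSP stop injected inline <script> from running?
    script-src governs scripts; default-src is the fallback when it is absent.
    'unsafe-inline' re-allows inline script unless a nonce or hash source is
    also present, in which case CSP2+ browsers ignore 'unsafe-inline'."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src", []))
    if not sources:
        return False  # no applicable directive: inline script is allowed
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
        for s in sources
    )
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        return False
    return True


if __name__ == "__main__":
    print("GOOD_MP4 is mp4:", is_mp4(GOOD_MP4))
    print("POLYGLOT_TEXT is mp4:", is_mp4(POLYGLOT_TEXT))
    print(response_headers_for_video(GOOD_MP4))
    print(csp_blocks_inline_script("default-src 'self'; script-src 'self'"))
    print(csp_blocks_inline_script("script-src 'self' 'unsafe-inline'"))
```

The point of the three checks together: even if a file somehow skipped re-encoding, `is_mp4` refuses to serve it; even if it were served, `video/mp4` plus `nosniff` means the browser will not run it; and even if markup were injected into a page, a CSP without `'unsafe-inline'` in `script-src` stops inline script, which is why the worst case was a slightly broken page layout.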

Thank god he was too lazy to figure out his sploit was doa or he'd still be here

Trans lives matter


Sometimes you just get overexcited :marseydance:

But darn, not even an ethical blackhatter :marseyannoyed: Imagine if some poor script kiddy actually paid for this r-slur's bottom surgery just to find out that it didn't work because he didn't actually confirm his assumptions


>our CP

:#tayrun:


I laughed gg


That's why I use NoScript.

:#marseythumbsup:
