/h/meta

Emoji Award given by @MayflyAlt-98: "marseyarabcelebration"

Emoji Award given by @rDramaHistorian: "marseyshooting"

Emoji Award given by @DWHITE___________DYNAMITE: "trans"

Merryvann capy/bara world's largest rodent 9mo ago (text post) Edited 9mo ago 2,834 thread views #245296 spent 1,640 currency on pings

full receipts for why @transb-word was banned

first:

second:

third:

btw the "exploit" was pretty nothingburger in the end and was fixed, so don't worry about that

!metashit !codecels !jannies

560

Block /h/meta

223

Jump in the discussion.

No email address required.

View entire discussion

fuck we/us :marseywalking:

9mo ago #5925539

Can someone explain what @transb-word thought xer exploit could do? Even if it was nothing in the end, wtf was it?

For all I know it could be a way to steal everyone's password or something

64 Context

Merryvann capy/bara world's largest rodent fuck 9mo ago #5925549

she thought you could run remote javascript with it, which would allow the attacker to run a keylogger on your browser or do other harmful shit like that

more info on that: https://en.wikipedia.org/wiki/Cross-site_scripting

in reality, the most harm it could do was just change the page layout a bit (due to our CSP), and that was fixed now

86 Context

ULTRA-NIGMATIC-MEGA-HOHO funy/cats

Merryvann 9mo ago #5925735

Is the part about a "crafted media file which also happens too be valid JS" just bullshit?

trans lives matter

9 Context

Merryvann capy/bara world's largest rodent ULTRA-NIGMATIC-MEGA-HOHO 9mo ago #5925747

yeah bullshit for 2 reasons

we reencode all video files to .mp4
nginx automatically sets a content-type of "video/mp4" to all videos we serve

so you can't really do that

19 Context

ThousandBestLives build/break Merryvann 9mo ago #5927316

Thank god he was too lazy to figure out his sploit was doa or he'd still be here

Trans lives matter

7 Context

ULTRA-NIGMATIC-MEGA-HOHO funy/cats

ThousandBestLives 9mo ago #5927536

Sometimes you just get overexcited :marseydance:

But darn, not even an ethical blackhatter :marseyannoyed: Imagine if some poor script kiddy actually paid for this r-slur's bottom surgery just to find out that it didn't work because he didn't actually confirm his assumptions

7 Context

icebornZombie reeee/tard Brussel sprouts are an abomination to the good name of vegetables Merryvann 9mo ago #5925574

What the frick is CSP?

God darn codecels and their acronyms

53 Context

Merryvann capy/bara world's largest rodent icebornZombie 9mo ago #5925579

https://en.wikipedia.org/wiki/Content_Security_Policy

63 Context

icebornZombie reeee/tard Brussel sprouts are an abomination to the good name of vegetables Merryvann 9mo ago #5925622

:ca#pylove:

46 Context

ManletMinion007 they/them Merryvann 9mo ago #5925615

You shouldn't coddle the weblets.

40 Context

not-dua-lipa trickno/logist rdrama's #1 ContraPoints stan :taylove:

youtube.com/@ContraPoints?sub_confirmation=1 icebornZombie 9mo ago #5925813

Contain, Secure and Protect

23 Context

NO rang/kang :!vegetaleave:

not-dua-lipa 9mo ago #5925898

There :marseycheerup: has to be an SCP about dyslexia

20 Context

Chapose Asuna/Kirito I would kill to kill a waifu. icebornZombie 9mo ago #5926813

Child Service Protection

13 Context

cyberdick pedda/modda Dead name deez nutz ya queer. 🍒🍆 icebornZombie 9mo ago #5927955

Coochie Security Policy

6 Context

whyareyou super/man cyberdick 9mo ago #5931024

dang. u have to imagine with me because there's impressionable youths in my vicinity but I'm imagining going to an image search and finding a picture of a hot chastity belt, and inserting that here as a comment

2 Context

LotionInTheBasket they/them Merryvann 9mo ago #5925627 Edited 9mo ago

Does this have anything to do with why we have to make an account to browse the site now and why this cloudflare message shows up?

27 Context

XD VAX/MAXXED I think you are cool sometimes LotionInTheBasket 9mo ago #5926328

only so far as "Capybaras can't make a functional website"

:#marsey:

19 Context

Merryvann capy/bara world's largest rodent XD 9mo ago #5926442

we're being DDOS'd intermittently

39 Context

skankhunt42 nuclear/shill boozers DNI Merryvann 9mo ago #5926700

Any idea who's doing it? :lizfongjones: ?

15 Context

Merryvann capy/bara world's largest rodent skankhunt42 9mo ago #5926822

not a clue

14 Context

CHRISTMAS-LOVER-25 lick/bird/fish :horny:

Merryvann 9mo ago #5927275

I might be doing so unintentionally, my VPN has really volatile reactions with my mobile network.

12 Context

XD VAX/MAXXED I think you are cool sometimes Merryvann 9mo ago #5926500

Directly Determined Of Shitcode :marseyindignant:

:#marsey:

11 Context

Merryvann capy/bara world's largest rodent LotionInTheBasket 9mo ago #5925638

nope

20 Context

fuck we/us :marseywalking:

Merryvann 9mo ago #5925572

:marseyyikes:

wtf ban all programmer socks users immediately

37 Context

89wc th/thh kalm fuck 9mo ago #5925720

(the following is not backed by any reputable authority)

i'm pretty sure most browsers at this point take extra measure to stop this attack, or at least cut it off from websites outside of the attack domaim (in this case rdrama)

otherwise anyone could just get u on a website that's secretly theirs and frick up ur whole shit like scrape up ur bank details and other doxx info.

the really annoying thing is the keylogging which means they'd be able to see ur DM's as you type them.

or if an admin gets caught they can turn every click of a mouse into a "ban last user who posted" event