I just hacked your web application.

FAQ

What does this mean?

I have found a severe vulnerability (CVSS score >= 7) in your live web application.

Why did you do this?

There are several reasons I may search for vulnerabilities in a web application. These include, but are not limited to:

• Personal interest,

• Fulfilling a challenge,

• Monetary incentives.

Am I in danger?

No - not yet. But you should fix the beforementioned vulnerability ASAP. Otherwise I will be forced to issue a security release, which may put your web application in jeopardy.

I don't believe my web application has a vulnerability. Can you prove it?

Sure, mistakes happen. But only in exceedingly rare circumstances will acclaim a false vulnerability. If you would like to issue an appeal, shoot me a private message explaining why I am wrong. I tend to respond to rDrama PMs within several minutes. Do note, however, that over 99.9% of vulnerability appeals are rejected, and yours is likely no exception.

How can I prevent this from happening in the future?

Fix the vulnerability and move on. But learn from this mistake: your mistakes will not be tolerated on rDrama. I will continue to find vulnerabilities until you improve your code. Remember: Safe code is privilege, not a right.

Snapshots:

• ghostarchive.org

• archive.org

• archive.ph (click to archive)