
Who Can Attempt This? - Programming - Nairaland


Who Can Attempt This? by PulsingPurple(m): 1:00pm On Aug 03
A while ago, while trying to learn some basics of cyber security, I had the impression that Nairaland has a very fragile security system for many frontend operations. So I challenged myself to find a security bug.

Had tried for over a long while to comment on Islam section without swearing the necessary oath by bypassing the security checks and so on.
I kinda failed. Was able to comment but the comment vanished after getting posted and I'd be redirected to the front page. (Previously it'll just tell you that you can't do the action)

Now I just realised a little bug that allows me to like posts when I'm banned. (The like button normally disappears if you're banned)

So I have hope there's a way to exploit this platform to at least continue posting after you're banned (just like I can now like posts after getting banned).

So Devs in the house and cyber security pros...
Can we check something?

I was relying on the power of developer's console and its ability to run JavaScript codes in ways that the front-end doesn't anticipate.

Like commenting on a post and replacing the ID of key elements so the website ends up submitting the comment on the thread where you're banned...
Who understands what I'm hoping to achieve and can help?
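
The behaviour described in the post above (a like that still goes through after the button is hidden, and a form whose target ID can be edited in the browser) is what results when a restriction exists only in the front end. As an added example, not part of the original post and not Nairaland's code, this sketch shows the server-side check that closes both cases; every name and record in it is hypothetical and constructed for illustration.

```javascript
// Constructed sample data (hypothetical): one user banned from one board.
const users = new Map([["u7", { bannedBoards: new Set(["religion"]) }]]);
const threads = new Map([
  ["101", { board: "religion" }],
  ["202", { board: "programming" }],
]);
const sessions = new Map([["sess-abc", "u7"]]);

// Weak pattern: the server assumes the UI already hid the button or form,
// so any request that arrives is applied.
function handleActionWeak(req) {
  return { status: 200, applied: `${req.body.action}:${req.body.threadId}` };
}

// Hardened pattern: identity comes from the session, the target comes from
// the submitted ID, and nothing else the client sends is consulted.
function authorize(sessionId, threadId) {
  const userId = sessions.get(sessionId);
  if (userId === undefined) return { ok: false, status: 401, reason: "no session" };
  const thread = threads.get(String(threadId));
  if (!thread) return { ok: false, status: 404, reason: "unknown thread" };
  if (users.get(userId).bannedBoards.has(thread.board)) {
    return { ok: false, status: 403, reason: "banned on board" };
  }
  return { ok: true, userId };
}

// Every state-changing action (like, post, ...) goes through the same gate,
// so one action cannot be forgotten while another is protected.
const ACTIONS = new Set(["like", "post"]);
function handleAction(req, auditLog) {
  const { action, threadId } = req.body;
  if (!ACTIONS.has(action)) return { status: 400 };
  const decision = authorize(req.sessionId, threadId);
  if (!decision.ok) {
    // Denials are logged: a request for an action the UI never offered
    // is a useful detection signal.
    auditLog.push({ sessionId: req.sessionId, action, threadId, reason: decision.reason });
    return { status: decision.status };
  }
  return { status: 200, applied: `${action}:${threadId}` };
}
```
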
Re: Who Can Attempt This? by 100millionGoal: 8:45pm On Aug 03
PulsingPurple:
A while ago, while trying to learn some basics of cyber security, I had the impression that Nairaland has a very fragile security system for many frontend operations. So I challenged myself to find a security bug.

Had tried for over a long while to comment on Islam section without swearing the necessary oath by bypassing the security checks and so on.
I kinda failed. Was able to comment but the comment vanished after getting posted and I'd be redirected to the front page. (Previously it'll just tell you that you can't do the action)

Now I just realised a little bug that allows me to like posts when I'm banned. (The like button normally disappears if you're banned)

So I have hope there's a way to exploit this platform to at least continue posting after you're banned (just like I can now like posts after getting banned).

So Devs in the house and cyber security pros...
Can we check something?

I was relying on the power of developer's console and its ability to run JavaScript codes in ways that the front-end doesn't anticipate.

Like commenting on a post and replacing the ID of key elements so the website ends up submitting the comment on the thread where you're banned...
Who understands what I'm hoping to achieve and can help?

I understand you perfectly.

Had tried this too before but didn't give it much stress since Nairaland wasn't worth it.

2 Likes

Re: Who Can Attempt This? by danielclerkson(m): 5:25am On Aug 04
Very innovative thinking. The main way to find a security bug is through an SQL injection or just PHP; JavaScript is limited.

1 Like

Re: Who Can Attempt This? by PulsingPurple(m): 8:10am On Aug 04
100millionGoal:


I understand you perfectly.

Had tried this too before but didn't give it much stress since Nairaland wasn't worth it.

Ohh... Well,
Just a way to explore what I've learnt.
Not intending to get a reward after 🤲
Re: Who Can Attempt This? by PulsingPurple(m): 8:13am On Aug 04
danielclerkson:
Very innovative thinking. The main way to find a security bug is through an SQL injection or just PHP; JavaScript is limited.

I'm thinking Nairaland is protected against SQL injection, pretty sure that's how they were hacked last time.

Also think JavaScript is very underrated, that's the stuff that powered many XSS attacks in the past
Re: Who Can Attempt This? by turmacs(f): 4:44pm On Aug 04
PulsingPurple:
A while ago, while trying to learn some basics of cyber security, I had the impression that Nairaland has a very fragile security system for many frontend operations. So I challenged myself to find a security bug.

Had tried for over a long while to comment on Islam section without swearing the necessary oath by bypassing the security checks and so on.
I kinda failed. Was able to comment but the comment vanished after getting posted and I'd be redirected to the front page. (Previously it'll just tell you that you can't do the action)

Now I just realised a little bug that allows me to like posts when I'm banned. (The like button normally disappears if you're banned)

So I have hope there's a way to exploit this platform to at least continue posting after you're banned (just like I can now like posts after getting banned).

So Devs in the house and cyber security pros...
Can we check something?

I was relying on the power of developer's console and its ability to run JavaScript codes in ways that the front-end doesn't anticipate.

Like commenting on a post and replacing the ID of key elements so the website ends up submitting the comment on the thread where you're banned...
Who understands what I'm hoping to achieve and can help?

seun right now
👀
👄
Re: Who Can Attempt This? by PulsingPurple(m): 5:24pm On Aug 04
turmacs:
seun right now
👀
👄

You've slyly mentioned the mod in the thread, now they'll take it down...

Btw Seun if you ever see this, read this post:
https://www.nairaland.com/8141170/six-months-counting#130739304
