Who Can Attempt This? by PulsingPurple(m): 1:00pm On Aug 03 |
A while ago, while trying to learn some basics of cyber security, I had the impression that Nairaland has a very fragile security system for many frontend operations. So I challenged myself to find a security bug. Had tried for a long while to comment on the Islam section without swearing the necessary oath by bypassing the security checks and so on. I kinda failed. Was able to comment but the comment vanished after getting posted and I'd be redirected to the front page. (Previously it'll just tell you that you can't do the action) Now I just realised a little bug that allows me to like posts when I'm banned. (The like button normally disappears if you're banned) So I have hope there's a way to exploit this platform to at least continue posting after you're banned (just like I can now like posts after getting banned). So Devs in the house and cyber security pros... Can we check something? I was relying on the power of the developer's console and its ability to run JavaScript code in ways that the front-end doesn't anticipate. Like commenting on a post and replacing the ID of key elements so the website ends up submitting the comment on the thread where you're banned... Who understands what I'm hoping to achieve and can help? |
Re: Who Can Attempt This? by 100millionGoal: 8:45pm On Aug 03 |
PulsingPurple: I understand you perfectly. Had tried this too before but didn't give it much stress since Nairaland wasn't worth it. 2 Likes |
Re: Who Can Attempt This? by danielclerkson(m): 5:25am On Aug 04 |
Very innovative thinking. The main way to find a security bug is through an SQL inject or just PHP; JavaScript is limited. 1 Like |
Re: Who Can Attempt This? by PulsingPurple(m): 8:10am On Aug 04 |
100millionGoal: Ohh... Well, just a way to explore what I've learnt. Not intending to get a reward after 🤲 |
Re: Who Can Attempt This? by PulsingPurple(m): 8:13am On Aug 04 |
danielclerkson: I'm thinking Nairaland is protected against SQL injection, pretty sure that's how they were hacked last time. Also think JavaScript is very underrated, that's the stuff that powered many XSS attacks in the past |
Re: Who Can Attempt This? by turmacs(f): 4:44pm On Aug 04 |
PulsingPurple: Seun right now 👀 👄 |
Re: Who Can Attempt This? by PulsingPurple(m): 5:24pm On Aug 04 |
turmacs: You take style mention mod for thread, now them go comot am... Btw Seun if you ever see this, read this post: https://www.nairaland.com/8141170/six-months-counting#130739304 |