Currently ignored steemit.com exploits

in O.G.3 years ago

There are a number of possible (unconfirmed) exploits that are uninvestigated on steemit.com, related to the fact that they do not maintain the code, such as:

  • iframe validation exploits need to prevent exploits based on browsers' tolerance of the use of ""rather than "/" and the presence of whitespace at this point in the URL.
  • Need to uses the standard WHATWG URL parser to stop IDNA (Internationalized Domain Name) attacks on the iframe hostname validator.
  • pdf generator needs to be audited for leaks to prevent new/existing accounts from losing control of their private keys.
  • Possible SSRF exploit: https://github.com/axios/axios/pull/3410

Scary stuff. You should switch to Hive, where stuff like this is maintained instead of ignored and downvoted (like this post is):

https://hiveonboard.com/?ref=inertia





The dump also contains a list of millions of prime factors, a 0-day Tamagotchi exploit, and a technique for getting gcc and bash to execute arbitrary code.

#steem #hack
3 years ago in O.G. by
$0.08
  • Past Payouts $0.08, 0.00 TRX
  • - Author $0.04, 0.00 TRX
  • - Curators $0.04, 0.00 TRX
30 votes
Reply 1
Sort:  
  • Trending