Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

(mint@ryona.agency)'s status on Thursday, 02-Mar-2023 17:55:26 JST

bitch
Husky_1677747305158_7DV9YHXIJ9.…
In conversation Thursday, 02-Mar-2023 17:55:26 JST from ryona.agency permalink
Attachments
1. Husky_1677747305158_7DV9YHXIJ9.png
  https://ryona.agency/media/d3af7dddb0c4778ef143eb1df750577df06997f918f271a4f3972f14222abe5a.png?name=Husky_1677747305158_7DV9YHXIJ9.png
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:08:15 JST
  in reply to
  - bot :kiwi_dumbbell:
  @bot Critical security changes in pleromer that I can't quickly merge through ssh on my phone due to the fact those fags updated mix.exs/lock and bundled frontend as well.
  
  In conversation Thursday, 02-Mar-2023 18:08:15 JST permalink
- bot :kiwi_dumbbell: (bot@seal.cafe)'s status on Thursday, 02-Mar-2023 18:08:16 JST bot :kiwi_dumbbell:
  in reply to
  
  What happened?
  
  In conversation Thursday, 02-Mar-2023 18:08:16 JST permalink
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:11:46 JST
  in reply to
  - bot :kiwi_dumbbell:
  - <script> alert("sogg"); </script>
  @pedophilesoftwareinc @bot I have no fucking idea how this shit went unnoticed for six years. At least it shouldn't be able to escape from /var/lib/pleroma due to the user/group permissions.
  
  In conversation Thursday, 02-Mar-2023 18:11:46 JST permalink
- <script> alert("sogg"); </script> (pedophilesoftwareinc@cum.salon)'s status on Thursday, 02-Mar-2023 18:11:47 JST <script> alert("sogg"); </script>
  in reply to
  - bot :kiwi_dumbbell:
  @mint @bot LOL
  In conversation Thursday, 02-Mar-2023 18:11:47 JST permalink
  Attachments
  1. Untitled attachment
    https://cum.salon/media/cde0563777e2f1dfd0f4686864d4912b167111006f4cef01574ef96fb91b6537.png
- 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸 (phenomx6@fedi.pawlicker.com)'s status on Thursday, 02-Mar-2023 18:16:01 JST 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  in reply to
  - bot :kiwi_dumbbell:
  - <script> alert("sogg"); </script>
  they were too busy finding out how to ban Alex Gleason from the project than they were fixing their shit
  
  In conversation Thursday, 02-Mar-2023 18:16:01 JST permalink
  
  likes this.
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:41:08 JST
  in reply to
  @PhenomX6 @pedophilesoftwareinc @bot To be fair, it isn't fixed in soybox yet.
  https://gitlab.com/soapbox-pub/rebased/-/blob/develop/lib/pleroma/web/activity_pub/activity_pub.ex#L1541
  In conversation Thursday, 02-Mar-2023 18:41:08 JST permalink
  Attachments
  1. lib/pleroma/web/activity_pub/activity_pub.ex · develop · Soapbox / Rebased · GitLab
    
    Fediverse backend written in Elixir. The recommended backend for Soapbox. https://soapbox.pub
  🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸 likes this.
- ew (e@masochi.st)'s status on Thursday, 02-Mar-2023 18:48:47 JST ew
  in reply to
  - bot :kiwi_dumbbell:
  - <script> alert("sogg"); </script>
  @mint @pedophilesoftwareinc @bot close registrations immediately
  
  In conversation Thursday, 02-Mar-2023 18:48:47 JST permalink
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:48:47 JST
  in reply to
  @e @pedophilesoftwareinc @bot Just came back home and updated it.
  
  In conversation Thursday, 02-Mar-2023 18:48:47 JST permalink
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:58:24 JST
  in reply to
  @pomstan @pedophilesoftwareinc @bot No screening for ../ paths in uploader, apparently. Still not sure how it can be exploited since pleromer saves images with their hash instead of filename by default.
  
  In conversation Thursday, 02-Mar-2023 18:58:24 JST permalink
- pomstan (pomstan@xn--p1abe3d.xn--80asehdb)'s status on Thursday, 02-Mar-2023 18:58:26 JST pomstan
  in reply to
  - bot :kiwi_dumbbell:
  - <script> alert("sogg"); </script>
  @mint @pedophilesoftwareinc @bot what’s the exact issue
  
  In conversation Thursday, 02-Mar-2023 18:58:26 JST permalink
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:58:45 JST
  in reply to
  @pomstan @bot @pedophilesoftwareinc Apparently, Pleb managed to exploit in on poast and got IP banned.
  
  In conversation Thursday, 02-Mar-2023 18:58:45 JST permalink
- <script> alert("sogg"); </script> (pedophilesoftwareinc@cum.salon)'s status on Thursday, 02-Mar-2023 19:00:32 JST <script> alert("sogg"); </script>
  in reply to
  - pomstan
  - bot :kiwi_dumbbell:
  @mint @bot @pomstan no, it was for this
  In conversation Thursday, 02-Mar-2023 19:00:32 JST permalink
  Attachments
  1. Untitled attachment
    https://cum.salon/media/8b86831fa8eb0995410e81914f142fe701ebbfa96cc3eac120851d2dd9e3a19a.png
  likes this.
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 19:01:52 JST
  in reply to
  @pedophilesoftwareinc @bot @pomstan Ah, okay. The timing between posts was too good to not speculate on that.
  
  In conversation Thursday, 02-Mar-2023 19:01:52 JST permalink
- (mint@ryona.agency)'s status on Thursday, 02-Mar-2023 19:02:29 JST
  in reply to
  - big dog
  @dc That's because I've replaced the frontend bundle with mine. Nothing critical, it's just something I'm not willing to fix over SSH from my phone.
  
  In conversation Thursday, 02-Mar-2023 19:02:29 JST permalink
- big dog (dc@pl.starnix.network)'s status on Thursday, 02-Mar-2023 19:02:30 JST big dog
  in reply to
  
  @mint you were not able to just git check out? i need to update my server to so i want to make sure
  
  In conversation Thursday, 02-Mar-2023 19:02:30 JST permalink
- meso (meso@asbestos.cafe)'s status on Thursday, 02-Mar-2023 19:04:19 JST meso
  in reply to
  @pedophilesoftwareinc @mint @bot @pomstan did :blackoma: fix it (>it didnt)
  
  In conversation Thursday, 02-Mar-2023 19:04:19 JST permalink
  
  likes this.
- <script> alert("sogg"); </script> (pedophilesoftwareinc@cum.salon)'s status on Thursday, 02-Mar-2023 19:04:20 JST <script> alert("sogg"); </script>
  in reply to
  @meso @mint @bot @pomstan 2.5.1 pleroma update
  
  relative file names, might be a non issue, but god knows
  
  In conversation Thursday, 02-Mar-2023 19:04:20 JST permalink
- meso (meso@asbestos.cafe)'s status on Thursday, 02-Mar-2023 19:04:21 JST meso
  in reply to
  @mint @pedophilesoftwareinc @bot @pomstan wait what's the issue how to fix it
  
  In conversation Thursday, 02-Mar-2023 19:04:21 JST permalink
- <script> alert("sogg"); </script> (pedophilesoftwareinc@cum.salon)'s status on Thursday, 02-Mar-2023 19:04:44 JST <script> alert("sogg"); </script>
  in reply to
  @meso @mint @bot @pomstan nope, not patched
  https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/lib/pleroma/web/activity_pub/activity_pub.ex#L1505
  In conversation Thursday, 02-Mar-2023 19:04:44 JST permalink
  Attachments
  1. akkoma
    
    from AkkomaGang
    
    Magically expressive social media
  likes this.
- pomstan (pomstan@xn--p1abe3d.xn--80asehdb)'s status on Thursday, 02-Mar-2023 19:13:30 JST pomstan
  in reply to
  - bot :kiwi_dumbbell:
  - <script> alert("sogg"); </script>
  @mint @pedophilesoftwareinc @bot
  No screening for ../ paths in uploader, apparently.
  jesus christ, that’s an exploit right from the 1995 or something, older than most of pleroma users
  
  In conversation Thursday, 02-Mar-2023 19:13:30 JST permalink
  
  likes this.

Public

Conversation

Notices

Feeds