Conversation
-
He never explained how the uploaded code got executed to begin with.
Quoted post: https://poa.st/objects/23a2d8aa-c72d-488d-b9dd-21d3f3b05521
-
Do you have any idea how it might’ve worked?
-
@bot @graf He already explained what the payload does, but not what the entry point for it was.
-
@mint @graf thank you GLEASON for MORE VIRUS SOFTWARE :pray:
-
@pernia @graf @graf He's blaming pleroma-fe for that gape.
-
@mint @graf @graf :danielstevens: i chedheart gape
-
@mint I'm unclear about a few things. XSS, or do the nostr lookups go via the local fedi server? Because (I think) you could exfiltrate info via the search endpoint and also via /accounts/lookup?acct= with a procgen script on the other side to avoid a bunch of fetch errors in the logs.
poast already uses an entirely separate subdomain for media, so was there a CSP misconfiguration or ... ?
-
@mint Of course you don't even necessarily need that level of sophistication if you grabbed a user's token. You could literally send it in a DM and then attempt to clean up the DM a few seconds later. Might not manage to clean it up in time, though.
-
@neganeko >do the nostr lookups go via the local fedi server?
Yes, the infected client simply sends a search query for the unfetched user and the local server tries to fetch it from the remote server.
>to avoid a bunch of fetch errors in the logs
Eh, might not be worth the trouble. Who knows how many servers drop packets from them.
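
Editor's note, not part of the thread above: the channel described in the last reply (a compromised client asks the local server to resolve `something@attacker-domain`, and the server's outbound WebFinger/ActivityPub fetch carries the "username" to the attacker) leaves a fairly distinctive trace in the instance's own access log. The following is an added example of a server-side detection pass over that log, written for this discussion rather than taken from any poster or from Pleroma. It assumes Mastodon-compatible endpoints (`/api/v1/accounts/lookup?acct=` from the thread, plus `/api/v1/accounts/search?q=`), an nginx combined log format, and constructed sample lines; the hostnames, IPs and handles in it are made up. The heuristic is: one client resolving several distinct, long, high-entropy local parts against the same remote domain.

```python
"""Detection example (added for this discussion, not project code): flag clients
that resolve many random-looking handles against one remote domain, the
signature of data being smuggled out through the server's remote lookups."""
import math
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed nginx combined-format lines; IPs, hosts and handles are made up.
# The drop.example handles are base32-looking blobs standing in for smuggled data.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:12:00:01 +0000] "GET /api/v1/accounts/lookup?acct=alice%40example.org HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:12:00:01 +0000] "GET /api/v1/accounts/search?q=bob%40example.org&resolve=true HTTP/1.1" 200 611
203.0.113.5 - - [01/Jan/2024:12:00:02 +0000] "GET /api/v1/accounts/lookup?acct=mzxw6ytboi2gs3th%40drop.example HTTP/1.1" 404 77
203.0.113.5 - - [01/Jan/2024:12:00:02 +0000] "GET /api/v1/accounts/search?q=nrxwg5lfnfsa2y3x%40drop.example&resolve=true HTTP/1.1" 200 2
203.0.113.5 - - [01/Jan/2024:12:00:03 +0000] "GET /api/v1/accounts/lookup?acct=ge2dknrwhayxq4dr%40drop.example HTTP/1.1" 404 77
203.0.113.5 - - [01/Jan/2024:12:00:03 +0000] "GET /api/v1/accounts/search?q=mfrgg2lnmr6hg5dv%40drop.example&resolve=true HTTP/1.1" 200 2
198.51.100.9 - - [01/Jan/2024:12:00:04 +0000] "GET /api/v1/accounts/lookup?acct=carol%40example.net HTTP/1.1" 200 498
198.51.100.9 - - [01/Jan/2024:12:00:05 +0000] "GET /api/v1/timelines/home HTTP/1.1" 200 9042
"""

# Combined log format: client ip ... [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Endpoints that make the server resolve a remote account, and the parameter
# carrying the handle (assumed Mastodon-compatible API paths).
LOOKUP_PATHS = {"/api/v1/accounts/lookup": "acct", "/api/v1/accounts/search": "q"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random base32/hex blobs score well above real handles."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_handle(target: str):
    """Return (local_part, remote_domain) for a remote lookup request, else None."""
    parts = urlsplit(target)
    param = LOOKUP_PATHS.get(parts.path)
    if param is None:
        return None
    values = parse_qs(parts.query).get(param)  # parse_qs percent-decodes %40 -> @
    if not values:
        return None
    handle = values[0].lstrip("@")
    if "@" not in handle:
        return None  # local-only search; no outbound fetch is triggered
    local, _, domain = handle.partition("@")
    return local, domain.lower()


def collect(log_text: str):
    """Group the distinct local parts each client resolved, per remote domain."""
    per_target = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        handle = extract_handle(m.group("target"))
        if handle is None:
            continue
        local, domain = handle
        per_target[(m.group("ip"), domain)].add(local)
    return per_target


def find_suspects(log_text: str, min_handles=3, min_len=12, min_entropy=3.0):
    """Flag (client, domain) pairs whose resolved handles look like encoded data."""
    suspects = []
    for (ip, domain), locals_ in collect(log_text).items():
        if len(locals_) < min_handles:
            continue
        mean_len = sum(len(l) for l in locals_) / len(locals_)
        mean_ent = sum(shannon_entropy(l) for l in locals_) / len(locals_)
        if mean_len >= min_len and mean_ent >= min_entropy:
            suspects.append({"client": ip, "domain": domain,
                             "handles": len(locals_),
                             "mean_entropy": round(mean_ent, 2)})
    return sorted(suspects, key=lambda s: (s["client"], s["domain"]))


if __name__ == "__main__":
    for s in find_suspects(SAMPLE_LOG):
        print(f"{s['client']} resolved {s['handles']} random-looking handles "
              f"at {s['domain']} (mean entropy {s['mean_entropy']} bits/char)")
```

Two caveats worth keeping in mind when running something like this for real: the thresholds are guesses tuned to the constructed lines, so a payload that fits in one or two long handles, or is spread over many throwaway domains, will slip past the per-domain count; and, as the last reply above notes, an attacker need not care whether the outbound fetch succeeds, so the 404s and fetch errors are a second signal, not a requirement for the leak to work.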