お知らせ：０７６はゲーム開発スタジオとなる為、４月２日をもって０７６萌ＳＮＳ及び０７６萌Mitraのサービスを終了致します。諏訪子様は、新しいスタッフ専用のMitraインスタンスで引き続きフォロー出来ます。

これまで０７６萌ＳＮＳ又は０７６萌Mitraをご利用頂き、誠に有難う御座いました。

Conversation - ０７６萌ＳＮＳ

お知らせ：０７６はゲーム開発スタジオとなる為、５月２日をもって０７６萌ＳＮＳ及び０７６萌Mitraのサービスを終了致します。諏訪子様は、新しいスタッフ専用ののMitraインスタンスで引き続きフォロー出来ます。これまで０７６萌ＳＮＳ又は０７６萌Mitraをご利用頂き、誠に有難う御座いました。

Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

(mint@ryona.agency)'s status on Friday, 26-May-2023 14:31:17 JST
- :btrfly: anime graf mays 🛰️🪐
He never explained how did the uploaded code get executed to begin with.

GLUSSY QUOTE FALLBACK: https://poa.st/objects/23a2d8aa-c72d-488d-b9dd-21d3f3b05521
In conversation Friday, 26-May-2023 14:31:17 JST from ryona.agency permalink
Attachments
1. Untitled attachment
- bot :kiwi_dumbbell: (bot@seal.cafe)'s status on Friday, 26-May-2023 14:38:24 JST bot :kiwi_dumbbell:
  in reply to
  - :btrfly: anime graf mays 🛰️🪐
  Do you have any idea how it might’ve worked?
  
  In conversation Friday, 26-May-2023 14:38:24 JST permalink
- (mint@ryona.agency)'s status on Friday, 26-May-2023 14:38:24 JST
  in reply to
  - bot :kiwi_dumbbell:
  - :btrfly: anime graf mays 🛰️🪐
  @bot @graf He already explained what the payload does but not what was the entry point for it.
  
  In conversation Friday, 26-May-2023 14:38:24 JST permalink
- þernia (pernia@cum.salon)'s status on Friday, 26-May-2023 14:39:27 JST þernia
  in reply to
  - :btrfly: anime graf mays 🛰️🪐
  - anime graf mays 🛰🪐
  @mint @graf thank you GLEASON for MORE VIRUS SOFTWARE :pray:
  
  In conversation Friday, 26-May-2023 14:39:27 JST permalink
  
  likes this.
- (mint@ryona.agency)'s status on Friday, 26-May-2023 14:40:28 JST
  in reply to
  @pernia @graf @graf He's blaming pleroma-fe for that gape.
  
  In conversation Friday, 26-May-2023 14:40:28 JST permalink
- þernia (pernia@cum.salon)'s status on Friday, 26-May-2023 14:43:53 JST þernia
  in reply to
  - :btrfly: anime graf mays 🛰️🪐
  - anime graf mays 🛰🪐
  @mint @graf @graf :danielstevens: i chedheart gape
  
  In conversation Friday, 26-May-2023 14:43:53 JST permalink
  
  likes this.
- nya~ (neganeko@ryona.agency)'s status on Friday, 26-May-2023 14:49:13 JST nya~
  in reply to
  
  @mint I'm unclear about a few things. XSS or do the nostr lookups go via the local fedi server? because (I think) you could exfiltrate info via the search endpoint and also via /accounts/lookup?acct= with a procgen script on the other side to avoid a bunch of fetch errors in the logs
  
  poast already uses an entirely separate subdomain for media so was there a CSP misconfiguration or ... ?
  
  In conversation Friday, 26-May-2023 14:49:13 JST permalink
  
  likes this.
- nya~ (neganeko@ryona.agency)'s status on Friday, 26-May-2023 14:51:49 JST nya~
  in reply to
  - nya~
  @mint of course you don't even necessarily need that level of sophistication if you grabbed a user's token. you could literally send it in a DM and then attempt to clean up the DM a few seconds later. might not manage to clean it up in time tho
  
  In conversation Friday, 26-May-2023 14:51:49 JST permalink
  
  likes this.
- (mint@ryona.agency)'s status on Friday, 26-May-2023 14:52:09 JST
  in reply to
  - nya~
  @neganeko >do the nostr lookups go via the local fedi server?
  Yes, the infected client simply sends a search query for the unfetched user and the local server tries to fetch it from the remote server.
  >to avoid a bunch of fetch errors in the logs
  Eh, might not be worth the trouble. Who knows how many servers drop packets from them.
  
  In conversation Friday, 26-May-2023 14:52:09 JST permalink

Public

Conversation

Notices

Feeds