Currently ignored steemit.com exploits

inertia (73)admin3154650in O.G. • 5 years ago

There are a number of possible (unconfirmed) exploits that are uninvestigated on steemit.com, related to the fact that they do not maintain the code, such as:

iframe validation exploits need to prevent exploits based on browsers' tolerance of the use of ""rather than "/" and the presence of whitespace at this point in the URL.
Need to uses the standard WHATWG URL parser to stop IDNA (Internationalized Domain Name) attacks on the iframe hostname validator.
pdf generator needs to be audited for leaks to prevent new/existing accounts from losing control of their private keys.
Possible SSRF exploit: https://github.com/axios/axios/pull/3410

Scary stuff. You should switch to Hive, where stuff like this is maintained instead of ignored and downvoted (like this post is):

https://hiveonboard.com/?ref=inertia

^{The dump also contains a list of millions of prime factors, a 0-day Tamagotchi exploit, and a technique for getting gcc and bash to execute arbitrary code.}

#steem #hack

5 years ago in O.G. by inertia (73)admin3154650

$0.08

Sort:

Trending

[-]

sentinels (-1)(1)mutedSpammer 5 years ago

$0.00

Reveal Comment