[00:25:12] Woah [00:25:35] I found an IDOR vulnerability in one of those "take a survey that collects all your PII and get $1 in return" websites [00:25:42] I reported it to the site [00:25:46] Hopefully they fix this [00:25:53] lmao [00:25:55] IDOR? [00:25:58] https://en.wikipedia.org/wiki/Insecure_direct_object_reference [00:26:10] I can see people's email address, education information, gender, full name, etc. [00:26:15] Is this the same you did on that other website [00:26:20] what other website [00:26:20] 💀 [00:26:43] I remember you found an exploit on another scam website before [00:26:54] Oh yeah that was a different type of exploit [00:26:56] Path traversal [00:27:08] This website is run by a legitimate business though and the information stored is the PII of random innocent people [00:28:25] So was the other ones [00:28:39] the other website is not a legitimate business & did not have any PII I could find [00:29:03] why are you specifically looking for PII [00:29:09] got curious [00:29:14] it was a really simple vuln [00:29:39] I noticed an API that returns PII about myself when looking at the site in Burp Suite [00:29:48] So I just changed my user ID in the request to someone else's and found someone else's data [00:30:28] I was pentesting the site (I guess) because I wanted to see if I could find any vulnerabilities that would let me screw with the payout system or mess with my account and things like that but I feel like targeting innocent users on the site is too far so I responsibly disclosed it [00:30:52] <.labster, replying to emicraftnoob> https://cdn.discordapp.com/attachments/615786602454581249/1241548596445446189/image0.jpg?ex=664a99bc&is=6649483c&hm=c661e76502f51563c80b4888ca8d7430606ad7f580447339b76cc291373ab909& [00:31:29] <.labster> Discord summaries so good amirite? [00:31:48] that’s what I just saw lmao [00:32:57] [1/21] Checked in detail and here's the info it shows: [00:32:57] [2/21] - User ID [00:32:57] [3/21] - First name [00:32:58] [4/21] - Last name [00:32:58] [5/21] - Account email address [00:32:58] [6/21] - PayPal email address [00:32:59] [7/21] - Amount of survey questions answered [00:32:59] [8/21] - Gender [00:32:59] [9/21] - Date of birth [00:33:00] [10/21] - Education level [00:33:00] [11/21] - Occupation [00:33:01] [12/21] - Annual income [00:33:01] [13/21] - Hobbies [00:33:02] [14/21] - Level of computer experience according to the user [00:33:02] [15/21] - How much time they say they spend online per day [00:33:03] [16/21] - What devices they say they own [00:33:03] [17/21] - Currency [00:33:04] [18/21] - Referral/affiliate code used to join the site, if any [00:33:04] [19/21] - Country [00:33:05] [20/21] - Languages spoken [00:33:05] [21/21] - Income sources [00:39:15] An upstanding member of the skriptkiddie community would have went ahead and used it to dump the DB and sell it on a forum of choice. [00:49:03] There's no way to dump the DB and shell from this exploit [00:49:23] I did consider scraping all the data and posting it on a forum but I decided that was way too far even for my standards [00:49:50] So you are not a member of the skriptkiddie society [00:49:57] It appears not [00:50:28] When I find something I usually go "Cool, next one" [00:51:19] I should participate in bug bounties some day but the issue is that all the platforms seem to require using your bank account or PayPal and I don't have either of those [00:51:24] I have Bitcoin and Monero [00:54:41] I only exchange monero and zCash [01:33:40] i said one thing and now its bunching me in with those fellows [01:34:01] didnt even say anything substantial just "gogle" [01:34:07] fawk [01:36:48] <.labster> Sadie Fawkins dance anyone? [01:57:08] [1/2] Some people are really not all that smart [01:57:08] [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1241570304627576862/Screenshot_20240518-185648.png?ex=664aadf3&is=66495c73&hm=69232bcf91953c2cfefab29e51902c331c4fbdeb88ee6edf48471415f62db931& [01:57:56] Wow, being named Anna and espousing an opinion that is very popular among scientists and is protected free speech is evidence of a crime [01:58:46] Also in the defendant's motion to dismiss she proved that she had used the name "anarchivist" years before Anna's Archive existed [01:59:29] [1/2] Yes these are all very common attributes [01:59:29] [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1241570894518816818/Screenshot_20240518-185902.png?ex=664aae80&is=66495d00&hm=000e19c12c91b9ab3d860b3d8cb7c3875242210c148e2d8e51f5f118fdd0df97& [02:01:15] [1/2] "She is guilty because her name is Anna" is not a plausible statement of facts [02:01:15] [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1241571341086228533/Screenshot_20240518-190041.png?ex=664aaeea&is=66495d6a&hm=2228797c266d3b12c601db53388b43db31f093959d54aec79615e0e08da156f1& [02:05:35] [1/4] > Ms. Matienzo is an archivist, her middle name is Anasztasia, and she went by “Ana” and/or “Anna” online during the events at issue. Id. ¶¶ 20–21. She also uses the online handle, “anarchivist,” which, combined with her nickname, is similar to Anna’s Archive’s former Twitter/X handle, “AnnaArchivist.” Id. ¶ 22. She shares Anna’s Archive’s goal that libraries and archives should [02:05:35] [2/4] free and widely available. Id. ¶ 23. Ms. Matienzo has the extensive software programming and website domain hosting experience necessary to help Anna’s Archive, as she is a software engineering manager. Id. ¶¶ 24–25. She thus has a job in “tech,” which is consistent with Anna’s Archive’s statements that its owners and/or operators have “jobs in finance [02:05:35] [3/4] and tech.” Id. ¶ 18. She also meaningfully understands OCLC’s WorldCat products because she was a catalog librarian at OCLC’s direct competitor and developed a repository for a python module that works with OCLC’s WorldCat Affiliate web services. [02:05:36] [4/4] That is on page 9. Those are all very common attributes. [02:06:08] It's incredible how ridiculous the logic copyright monopoly holders use is [02:07:32] [1/2] first was macos 9, now is windows 3.1 [02:07:33] [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1241572922972311653/Captura_de_Pantalla_2024-05-18_a_las_8.06.36_p.m..png?ex=664ab064&is=66495ee4&hm=9480dfe631964d8ff854c604738879fe28472f9816c11be47b8ebc9cdd1542e9& [02:25:08] [1/2] bit of a moot point but congrats @reception123 and @notaracham on another two years stuck to your seats! [02:25:08] [2/2] https://meta.miraheze.org/wiki/Community_Directors/Elections#Results [02:26:17] also dang why did NA get less then agent, no offence ofc i love you all just a bit of an interesting surprise since agent seemed to be taking the brunt of the reputation hit [02:26:55] and thanks a ton to @serverlessharej for administering it, and the rest of ElCom :Partyheze: [02:28:45] yello labem [02:28:48] <.labster, replying to pixldev> My theory is that NA told people no as a mod [02:28:55] Touche! [02:29:10] Very good theory that unfortunately may have some truth lmao [02:32:13] He is very clear with the yes/no but I actually like that. We need people who can make decisions and then back them up. [02:33:14] 💯 [12:59:31] @rhinosf1 @redmin0 ⏲️ for Formula 1 [12:59:37] Have fun [13:04:15] @rodejong afternoon [14:06:21] [1/2] captcha be gone wild [14:06:21] [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1241753817150787645/image.png?ex=664b58dc&is=664a075c&hm=bf4a92f1125e56f60191ccc1e1bc10abe120ecb7ca57c08ed0817234aa623526& [14:09:37] welcome to robots trying to detect robots [14:13:32] most legs in reality [14:13:45] it's such amazing wording [14:15:59] I had to skip that one because I had a dumb moment and thought they all had 2 legs [14:16:01] maybe I'm a bot [14:17:02] Ahh the famouns 2 legged horses yeah 😄 [14:23:54] Formula 1 is exciting ... [14:24:03] WOW what a race [14:34:12] Stupid red bull in the way [14:43:35] I was sitting there like, Norris was eating a second a lap ... Heart in mouth 😛 [14:44:18] But it seems the Domination is over. I love close racing like that [14:52:59] I think captcha trying to beat bots isn't a great idea [14:53:18] not only does it get too hard even for humans to do (and people also don't want to have to spend time thinking about how to solve a captcha) [14:53:34] but also I don't feel like it's that difficult for bots to adapt and use AI to figure it out anyway [14:53:46] puzzles are fun and good for brain lol [14:54:14] Once in a while sure but when you're trying to log in it's not always the case [14:54:59] I'm only get annoyed by it in google because it really dislikes when I use VPN [15:19:16] got a follow back from a minor celeb couple of weeks ago on twitter and after that my followers are mostly bots lol [15:19:35] should I report them or just keep for numbers lmao [15:26:52] [1/2] kanjitalk got so fucked up [15:26:52] [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1241774080353636453/Captura_de_Pantalla_2024-05-19_a_las_9.26.16_a.m..png?ex=664b6bbb&is=664a1a3b&hm=ebcc9994cac95f8d6f940094c30f3e6b6c7a4f42af77a6fc7e2f3feea2c55be3& [15:36:27] ✋ [15:47:38] ??? [15:48:10] Raise your hand if you don't know CSS [15:48:59] 👎 i know css [16:11:41] https://tenor.com/view/cat-kitty-pussycat-feline-gif-26001328 [16:11:50] It's possible [16:11:56] Birth defects and stuff [16:12:03] I've seen dogs with two legs before lol [16:14:02] kitty 🥺 [16:15:34] him: ||I want to recreate 9/11 :3|| [16:16:07] Excuse me. Not. Needed. [16:16:39] _watching Vettal driving the MP4/8 from 1993 around the track of Imola 🫡 👀_ [16:16:45] What was posted? [16:16:49] My message logger is broken [16:16:59] They deleted it, it’s not you concern Collei. [16:17:05] womp womp :3 [16:17:09] Limited time message [16:23:16] me when fake nitro [bounce](https://cdn.discordapp.com/emojis/707809006328217640.gif?size=48&quality=lossless&name=bounce) [16:25:46] Now that I have fake nitro now I can use [[uncyclopedia:Template:Boner]] [boner~1](https://cdn.discordapp.com/emojis/641835384556486670.webp?size=48&quality=lossless&name=boner%7E1) [16:25:46] https://uncyclopedia.org/wiki/Template:Boner [16:25:47]

[16:27:34] is broken fakenitro plugin ;-; [16:33:57] Rip he got banned [16:33:59] 1984 [16:34:06] A general note to all because I do believe in transparency and that everyone should be aware of what occurs within Miraheze: Making jokes regarding to mass terror events, discrimination against any persons, or any other sort of inappropriate jokes will result in a timeout or ban. [16:34:16] Understood [16:48:05] That's a very good simulation of some Class A substances, I think AI is onto something. [16:51:37] Lmaoo [17:22:43] sent in dms [17:55:30] @koreirose that’s a lot lmao [17:55:59] Im taking Spanish in school is sucks, I need to get better at my native language of Pt-br and that’s about it for me [17:56:08] I’d like to learn German but [18:46:03] [1/10] Expanding on what I wrote in #cvt, here's why I want to learn those languages: [18:46:03] [2/10] Japanese: Watch anime and manga without subtitles, do translations [18:46:03] [3/10] Mandarin: There's a lot of very cool tech and programming libraries from China that I only learned about from reverse engineering Chinese apps and games but the tech has documentation written entirely in Chinese or the English documentation exists but is entirely incoherent, learning Mandarin would give so many opportunities. Also a lot of people speak Mandarin so I could meet a lo [18:46:04] [4/10] t of new people. [18:46:04] [5/10] Cantonese: Same as Mandarin [18:46:04] [6/10] Spanish: A lot of people in the US speak it [18:46:04] [7/10] French: I have a friend who speaks it as their native language and I want to have conversations with them [18:46:05] [8/10] German: It looks cool [18:46:05] [9/10] Hindi: Looks cool and so I can insult tech support scammers in Hindi [18:46:05] [10/10] Russian: Same as Mandarin and Cantonese [18:50:52] you don't see a lot of people wanting to learn French but I had it in school, loved tbh [18:51:09] forgot about half of the stuff tho cus no practice [18:55:48] the reason for hindi especially is based [18:55:52] mandar as well [19:06:02] Yea [19:07:39] How do I get CreateWiki running locally on my laptop? [19:07:57] Would like to do some offline testing [19:08:14] OA made a guide [19:08:21] a sub of his user page [19:16:23] Ah OK [19:20:45] https://meta.miraheze.org/wiki/User:Original_Authority/Setting_up_a_CreateWiki_development_environment I'm assuming the Mac guide works on Linux with some modifications yes? [19:21:18] probably™️ [19:21:28] if it works tell me [19:21:30] good luck [19:22:09] I'll try later [19:35:42] That will work on linux [19:35:56] But /Users is /home on most distorts [19:36:00] Distros [19:43:36] Yea ik that [19:59:39] just got isaac rep physical [19:59:51] [1/2] he is real now [19:59:52] [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1241842780351889519/GN9wJceXsAAV1Xu.png?ex=664babb7&is=664a5a37&hm=7ad560cf6db1dbf7a4919c6effd655e22e9d74dfde082e49fdd73036df564964& [20:08:13] You could add Dutch to your list [20:08:17] possibly [20:08:43] Dutch is cooler than German [20:08:55] German sounds so "Commanding" [20:09:08] and dutch has less grammatical genders and annoying cases to memorize! [20:09:17] Exactly [20:09:46] The same as Spanish verses Italian. [20:09:57] Spanish is a lot easier to learn [20:10:05] (Italian sounds better though [20:10:47] Brazilian Portuguese too. Love that language [20:34:58] zeus hand reveal [20:35:36] É, munto legal [20:35:56] Mmmm do you guys have compound nouns [20:37:21] I have no idea what that means 😄 [20:37:44] Ah.. [20:37:49] "samengestelde zelfstandige naamwoorden" [20:38:00] Yup [20:42:45] translation? [20:43:42] The longest compound noun (samengestelde zelfstandige naamwoorden) in Dutch that is often cited is "kindercarnavalsoptochtvoorbereidingswerkzaamhedencomitéleden," which is 49 letters long. This word means "members of the committee for the preparation activities of the children's carnival parade." [20:46:07] thats 4 letters longer then the longest English word [20:46:24] We can make it as long as we want [20:46:47] as professional linguistic appropriators don't worry, we can play that game too [20:46:56] Baarmoederhalskankerlabaratoriumsonderzoekskamer [20:47:12] "Professional linguistic appropriator" sounds like a job description [20:47:28] suboffice of the department of cultural appropriations [20:49:14] The absolute longest word in Dutch is "Kindercarnavalsoptochtvoorbereidingswerkzaamhedenplan," which is 53 letters long. It translates to "preparation activities plan for a children's carnival procession." This word, while rarely used, exemplifies how Dutch compound words can be extremely long by combining multiple words into one. [20:49:45] Ah yes, a subdivision of the official operation center in which the appropriation of cultural artifacts is facilitated [20:50:44] The absolute longest word in Danish is "Speciallægepraksisplanlægningsstabiliseringsperiode," which is 51 letters long. It translates to "a period of stabilization for planning a specialist doctor's practice." Similar to Dutch, Danish can create very long compound words by combining several words into one. [20:50:53]