Currently ignored steemit.com exploits

in hive-180170 •  4 years ago 

There are a number of possible (unconfirmed) exploits that are uninvestigated on steemit.com, related to the fact that they do not maintain the code, such as:

  • iframe validation exploits need to prevent exploits based on browsers' tolerance of the use of ""rather than "/" and the presence of whitespace at this point in the URL.
  • Need to uses the standard WHATWG URL parser to stop IDNA (Internationalized Domain Name) attacks on the iframe hostname validator.
  • pdf generator needs to be audited for leaks to prevent new/existing accounts from losing control of their private keys.
  • Possible SSRF exploit: https://github.com/axios/axios/pull/3410

Scary stuff. You should switch to Hive, where stuff like this is maintained instead of ignored and downvoted (like this post is):

https://hiveonboard.com/?ref=inertia





The dump also contains a list of millions of prime factors, a 0-day Tamagotchi exploit, and a technique for getting gcc and bash to execute arbitrary code.

hive-180170 steem hack
4 years ago by

Downvoting a post can decrease pending rewards and make it less visible. Common reasons:

  • Disagreement on rewards
  • Fraud or plagiarism
  • Hate speech or trolling
  • Miscategorized content or spam

Submit
$0.08
  • Past Payouts $0.08
  • - Author $0.04
  • - Curators $0.04
47 votes
1
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  
  • Trending
    • [-]
      ·  4 years ago 

    Downvoting a post can decrease pending rewards and make it less visible. Common reasons:

    • Disagreement on rewards
    • Fraud or plagiarism
    • Hate speech or trolling
    • Miscategorized content or spam

    Submit
    $0.00
      Reveal Comment