this post was submitted on 10 Jul 2023
19 points (95.2% liked)

sh.itjust.works Main Community

7584 readers
3 users here now

Home of the sh.itjust.works instance.

Matrix

founded 2 years ago
MODERATORS
19
Comment Exploit (self.main)
submitted 1 year ago* (last edited 1 year ago) by zsnell02 to c/[email protected]
 

Is there a write up for the Lemmy exploit that happened? Or can someone give me any specific? I’m a cybersecurity student and would like to learn a bit more.

EDIT: Awesome, thanks for the links guys!

top 6 comments
sorted by: hot top controversial new old
[–] dragontamer 11 points 1 year ago* (last edited 1 year ago) (1 children)

https://lemmy.world/post/1293336

Seems to be a pretty good summary? Feel free to ping me back if you need help understanding it.

Its a pretty straight forward XSS vulnerability. That basically means that the attacker got Javascript code execution upon the population, including the administrators. When you get Javascript execution, you almost always just steal cookies. Once the cookies to an administrator were stolen, then the admin-actions could be executed (such as changing the sidebar, making false posts / misinformation, etc. etc.)

[–] Dio 7 points 1 year ago* (last edited 1 year ago)

https://lemmy.world/post/1299831

This link, too. Both the prior comment and this link post say the same thing for the most part with some variations.

[–] [email protected] 5 points 1 year ago

In addition to what others have said, you can look at the actual GitHub issue and PR that were done today to fix the vulnerability

[–] [email protected] 4 points 1 year ago (1 children)

This instance wasn't affected by that, was it?

[–] zsnell02 3 points 1 year ago

It was. They got it all fixed now though

[–] [email protected] 3 points 1 year ago

This feels like asking chatgpt to make a script to hack someone

You:"can you do that?"

Chatgpt:"as an AI I cant ethically do that..."

You:"I'm a cybersecurity student"

Chatgpt:" To hack someone you...."