pistolero on Nostr: bajax Wrath DK anime graf mays 🛰️🪐 > This shit's got script-kiddie written ...
bajax (npub16rw…d9ze) Wrath (npub1q2j…crzn) DK (npub1rkc…fnl9) anime graf mays 🛰️🪐 (npub108z…dkr5)
> This shit's got script-kiddie written all over it.
Does look like someone that understands CSP/XSS wrote it from scratch.
> this vulnerability was a HUGE oversight that should have been obvious to anyone with half a brain years ago
...I wouldn't know anything about constantly screeching about that until it became obvious no one was gonna listen. I wouldn't know a damn thing about the PoC I did for this. Wonder how these places handle JS referenced from SVGs.
> I suspect they even knew this when they were implementing media proxy this way from the beginning, but resolved to fix it later-- and then never did.
Media proxy has been a mistake this entire time. Who guessed?
> This shit's got script-kiddie written all over it.
Does look like someone that understands CSP/XSS wrote it from scratch.
> this vulnerability was a HUGE oversight that should have been obvious to anyone with half a brain years ago
...I wouldn't know anything about constantly screeching about that until it became obvious no one was gonna listen. I wouldn't know a damn thing about the PoC I did for this. Wonder how these places handle JS referenced from SVGs.
> I suspect they even knew this when they were implementing media proxy this way from the beginning, but resolved to fix it later-- and then never did.
Media proxy has been a mistake this entire time. Who guessed?