geteilt von: https://lemmy.ml/post/1895271
FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
What a thing to wake up to.
I’ll be keeping watch in the local posts or comments in case anyone here tries to submit a post containing the exploit. If I or any of the other admins get compromised I may have to shut dormi.zone down temporarily.
As far as I understood, the exploit abuses an HTML attribute to steal your login token. Going by that, I’m guessing that apps such as Jerboa and Liftoff should be safe for now.
Looks like they are working on a fix
deleted by creator