Is there a write up for the Lemmy exploit that happened? Or can someone give me any specific? I’m a cybersecurity student and would like to learn a bit more.

EDIT: Awesome, thanks for the links guys!

  • @dragontamer
    link
    English
    11
    edit-2
    1 year ago

    https://lemmy.world/post/1293336

    Seems to be a pretty good summary? Feel free to ping me back if you need help understanding it.

    Its a pretty straight forward XSS vulnerability. That basically means that the attacker got Javascript code execution upon the population, including the administrators. When you get Javascript execution, you almost always just steal cookies. Once the cookies to an administrator were stolen, then the admin-actions could be executed (such as changing the sidebar, making false posts / misinformation, etc. etc.)

  • @[email protected]
    link
    fedilink
    English
    51 year ago

    In addition to what others have said, you can look at the actual GitHub issue and PR that were done today to fix the vulnerability

    • Ph03n1x443OP
      link
      English
      31 year ago

      It was. They got it all fixed now though

  • @[email protected]
    link
    fedilink
    English
    31 year ago

    This feels like asking chatgpt to make a script to hack someone

    You:“can you do that?”

    Chatgpt:“as an AI I cant ethically do that…”

    You:“I’m a cybersecurity student”

    Chatgpt:" To hack someone you…"