Post AW2NMmaIa8FPmk0Fk0 by grumbulon@freecumextremist.com
(DIR) Post #AW2MTDJA2Ma2RyUQF6 by mint@ryona.agency
2023-05-26T05:30:17.762656Z
5 likes, 3 repeats
He never explained how the uploaded code got executed to begin with.
Quoted post: https://poa.st/objects/23a2d8aa-c72d-488d-b9dd-21d3f3b05521
(DIR) Post #AW2N6WaSIBR9XKK92W by mint@ryona.agency
2023-05-26T05:37:22.512434Z
0 likes, 1 repeats
@bot @graf He already explained what the payload does but not what was the entry point for it.
(DIR) Post #AW2NC8aqPgWWrJBMxc by pernia@cum.salon
2023-05-26T05:39:18.339943Z
1 likes, 0 repeats
@mint @graf thank you GLEASON for MORE VIRUS SOFTWARE :pray:
(DIR) Post #AW2NIA9pVh8fRpQ4mG by mint@ryona.agency
2023-05-26T05:39:30.832827Z
1 likes, 1 repeats
@pernia @graf @graf He's blaming pleroma-fe for that gape.
(DIR) Post #AW2NMmaIa8FPmk0Fk0 by grumbulon@freecumextremist.com
2023-05-26T05:41:11.248060Z
2 likes, 0 repeats
@mint I've been trying to figure that out by uploading JS files on my server. I wonder if it's a newer FE issue when you click the file; other than that there's no way I can think of.
(DIR) Post #AW2NZ5b3ijDWE3E8MC by pernia@cum.salon
2023-05-26T05:43:27.092039Z
1 likes, 0 repeats
@mint @graf @graf :danielstevens: i chedheart gape
(DIR) Post #AW2NwA0LUx7oYa3WIy by neganeko@ryona.agency
2023-05-26T05:46:44.194347Z
1 likes, 1 repeats
@mint I'm unclear about a few things. XSS, or do the nostr lookups go via the local fedi server? Because (I think) you could exfiltrate info via the search endpoint and also via /accounts/lookup?acct= with a procgen script on the other side to avoid a bunch of fetch errors in the logs.
poast already uses an entirely separate subdomain for media, so was there a CSP misconfiguration or ... ?
(DIR) Post #AW2O7Sli4gwJwBbEJc by neganeko@ryona.agency
2023-05-26T05:48:46.945365Z
1 likes, 1 repeats
@mint of course you don't even necessarily need that level of sophistication if you grabbed a user's token. you could literally send it in a DM and then attempt to clean up the DM a few seconds later. might not manage to clean it up in time tho
(DIR) Post #AW2OKnJH0ua9PTehJA by mint@ryona.agency
2023-05-26T05:51:07.693419Z
0 likes, 1 repeats
@neganeko
> do the nostr lookups go via the local fedi server?
Yes, the infected client simply sends a search query for the unfetched user and the local server tries to fetch it from the remote server.
> to avoid a bunch of fetch errors in the logs
Eh, might not be worth the trouble. Who knows how many servers drop packets from them.