Post AxhkM5kLCi4aRIiWH2 by Taffer@mastodon.gamedev.place
Post #AxhkM4YFeAoAjW3Ln6 by da_667@infosec.exchange
2025-08-30T06:03:36Z
2 likes, 0 repeats
I sometimes wonder if bots just started randomly sending PATCH and/or DELETE requests and sprayed them across the internet, how much shit would be like "oh, sure. Let me delete that file for you" or "oh, you just want to append a bash reverse shell one-liner to this script that runs every 10 minutes? why didn't you say so?"
Post #AxhkM5kLCi4aRIiWH2 by Taffer@mastodon.gamedev.place
2025-08-30T15:06:18Z
0 likes, 0 repeats
@da_667 once upon a time, one of the security researchers I worked with spidered our wiki to check for resources that weren’t locally hosted; they had to provide credentials to see the restricted pages.

Turns out the page menu’s Delete Page item was a GET URL when you were logged in, without an “Are you sure?”

Luckily there was a recent backup.
Post #AxhkM6ixZKYvTJ4vlA by dcoderlt@ohai.social
2025-08-30T19:07:04Z
1 like, 0 repeats
@Taffer @da_667 I once ran across a system with a similar problem. They had an auth check alright, but the failure handler sent a 401 Unauthorized and then *continued processing the request as normal*. When spiders hit articles.php, they ignored the 401 and followed all the GET URLs to /delete.php?pageId=123 … :blobpopcorn:
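The two failure modes the thread describes, a destructive action reachable through a plain GET link and an auth check that emits a 401 but keeps processing, put side by side with a fail-closed handler. This is an added example, not code from any of the posters or from the wiki and articles.php system they describe; the Request and Response classes, the session cookie and CSRF token values, and the page store are constructed stand-ins for a real web framework.

```python
from dataclasses import dataclass, field


# Constructed stand-ins for a web framework's request and response objects.
@dataclass
class Request:
    method: str
    path: str
    query: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str = ""


# Constructed session store: session cookie value -> CSRF token bound to that session.
SESSIONS = {"sess-constructed-1": "csrf-constructed-1"}


def fresh_pages():
    """Constructed wiki page store, recreated for every scenario."""
    return {123: "Home", 456: "Design notes"}


def is_authenticated(req):
    return req.cookies.get("session") in SESSIONS


def delete_page_vulnerable(req, pages):
    """The pattern from the thread: the failure handler writes a 401 but does not
    stop, and the action is reachable through GET, so a spider following links
    (with or without credentials) deletes content."""
    resp = Response(200, "Deleted")
    if not is_authenticated(req):
        resp.status, resp.body = 401, "Unauthorized"
        # BUG: no return here, so processing continues below.
    page_id = int(req.query.get("pageId", "0"))
    pages.pop(page_id, None)  # runs regardless of the auth result or the HTTP method
    return resp


def delete_page_hardened(req, pages):
    """Fail closed: every rejection returns immediately, GET is never destructive,
    and the state change requires a CSRF token bound to the caller's session."""
    session = req.cookies.get("session")
    if session not in SESSIONS:
        return Response(401, "Unauthorized")
    if req.method not in ("POST", "DELETE"):
        return Response(405, "Method Not Allowed")  # GET and HEAD stay safe methods
    if req.headers.get("X-CSRF-Token") != SESSIONS[session]:
        return Response(403, "Forbidden")
    page_id = int(req.query.get("pageId", "0"))
    if page_id not in pages:
        return Response(404, "Not Found")
    del pages[page_id]
    return Response(200, "Deleted")


def run_scenarios():
    """Replays the thread's spider against both handlers.
    Returns {(handler, scenario): (status, remaining page ids)}."""
    anon_get = Request("GET", "/delete.php", {"pageId": "123"})
    auth_get = Request("GET", "/delete.php", {"pageId": "123"},
                       cookies={"session": "sess-constructed-1"})
    auth_post = Request("POST", "/delete.php", {"pageId": "123"},
                        cookies={"session": "sess-constructed-1"},
                        headers={"X-CSRF-Token": "csrf-constructed-1"})
    handlers = (("vulnerable", delete_page_vulnerable), ("hardened", delete_page_hardened))
    scenarios = (("anon_get", anon_get), ("auth_get", auth_get), ("auth_post", auth_post))
    results = {}
    for name, handler in handlers:
        for label, req in scenarios:
            pages = fresh_pages()
            resp = handler(req, pages)
            results[(name, label)] = (resp.status, sorted(pages))
    return results


if __name__ == "__main__":
    for key, value in sorted(run_scenarios().items()):
        print(key, value)
```

The vulnerable handler returns a 401 to the anonymous spider and still deletes page 123, and hands the logged-in spider a 200 for a bare GET. The hardened handler keeps page 123 in both spider cases (401 and 405) and only removes it for the POST that carries the session's CSRF token. The check worth auditing in a real code base is the first one: every authentication or authorization failure must end the request, not just write a status code.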