[HN Gopher] Would You Like an IDOR With That? Leaking 64m McDona...
___________________________________________________________________
Would You Like an IDOR With That? Leaking 64m McDonald's Job
Applications
Author : samwcurry
Score : 20 points
Date : 2025-07-09 19:31 UTC (3 hours ago)
(HTM) web link (ian.sh)
(TXT) w3m dump (ian.sh)
| bravesoul2 wrote:
| It involves AI but AI wasn't the cause. It was an enumeration on
| object id, discovered because the author could access a test site
| with password 123456 and try things out.
| oc1 wrote:
| I have so many questions for the developers, but I believe the
| answers will just crush my poor worker soul, so let it be.
| TZubiri wrote:
| It certainly doesn't reflect well on AI as a BuzzWord.
|
| Execs vetted this provider and approved it, which isn't
| irrelevant to the disregard for safety occurring with AI in
| general right now.
|
| Additionally, are we certain the vendor didn't use AI to
| vibecode stuff?
| Y_Y wrote:
| But no Epstein clients!?
| heavyset_go wrote:
| It was on my desk but it disappeared because it doesn't exist.
| Besides, it's weird that you're still talking about this
| Epstein guy when things like Texas happened.
| lesuorac wrote:
| It's unfortunate the administration can only focus on one
| thing and can't handle Texas and Epstein at the same time.
| quantified wrote:
| They're on a test menu. Sometimes you see it, sometimes you
| don't.
| Proofread0592 wrote:
| I cannot believe the 123456 worked, it's literally a joke from
| Spaceballs.
| shrubble wrote:
| Reminds me that I need to change the combination on my
| luggage...
___________________________________________________________________
(page generated 2025-07-09 23:00 UTC)