SthephanShinkufag / bytebeat-composer

Bytebeat player with a collection of many formulas from around the internet.
https://dollchan.net/bytebeat/
MIT License
91 stars 29 forks

no way to recover from audioworklet hang #15

Open SArpnt opened 3 years ago

SArpnt commented 3 years ago

by just using the code (_=>{for(;;);})() the website is rendered completely unusable, and the hang is completely undetected. refreshing doesn't work properly either, the browser (at least my browser) gets stuck, so the only way i can deal with the issue is completely closing the tab.

inyourface34456 commented 2 years ago

I think this is the shellshock vulnerability, this is a recognized bug. How did you use it though? What OS are you running (if so, you better catch it)? What browser are you running and when was it last updated? If it has been a while, then you should definitely update, as this is a very extreme security vulnerability, as it can run any code, whether you like it or not.

ghost commented 2 years ago

Expressions

(_=>{for();})()

SyntaxError: expected expression, got ')'

for()

SyntaxError: expected expression, got keyword 'for'

System

SthephanShinkufag commented 2 years ago

@Diicorp95

(_=>{for(i=1;i;);})()

Also, it's impossible to get a link with it from the site.

For example, here is a link for working code (_=>{for(i=0;i;);})(): https://dollchan.net/bytebeat/#v3b64q1ZKzk9JVbJS0oi3tatOyy/SyLQ1sM601rSu1dTQVKoFAA==

The player will immediately enter an endless loop as soon as you edit 0 to 1 by releasing the key, without giving an updated link. So you won't be able to share links with broken code.

Of course, unless you can compose such a link yourself, using decodeURIComponent through the console, for example.

SArpnt commented 2 years ago

> I think this is the shellshock vulnerability, this is a recognized bug. How did you use it though? What OS are you running (if so, you better catch it)? What browser are you running and when was it last updated? If it has been a while, then you should definitely update, as this is a very extreme security vulnerability, as it can run any code, whether you like it or not.

this has literally nothing to do with shellshock and isn't a security vulnerability, it's a minor issue with the website and has nothing to do with my pc
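
Added example, not part of the thread and not the project's code: a Node.js pre-flight check that classifies the expressions quoted above as a syntax error, a runaway loop, or usable, by evaluating them under a CPU-time budget. The helper name `probeFormula`, the 100 ms budget and the `t` variable binding are assumptions made for illustration; it runs outside the browser (for example when vetting formulas before adding them to a collection) and does not change how the player's AudioWorklet behaves.

```javascript
// node:vm is NOT a security boundary; it is used here only to bound CPU time.
const vm = require('node:vm');

// Hypothetical helper: compile `src`, then evaluate it for a few values of t,
// each under a time budget, and report what happened.
function probeFormula(src, budgetMs = 100, samples = 8) {
  let script;
  try {
    script = new vm.Script(src); // compile only; nothing runs yet
  } catch (err) {
    return { verdict: 'syntax-error', detail: String(err?.message) };
  }
  const sandbox = vm.createContext({ t: 0 }); // fresh globals for the formula
  for (let t = 0; t < samples; t++) {
    sandbox.t = t;
    try {
      // `timeout` interrupts synchronous code such as for(;;);
      script.runInContext(sandbox, { timeout: budgetMs });
    } catch (err) {
      if (err?.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') {
        return { verdict: 'timeout', detail: `no result within ${budgetMs} ms at t=${t}` };
      }
      return { verdict: 'runtime-error', detail: String(err?.message) };
    }
  }
  return { verdict: 'ok', detail: `${samples} samples evaluated` };
}

// Sample input: the expressions quoted in this thread.
const quoted = [
  '(_=>{for(;;);})()',      // opening report
  '(_=>{for();})()',        // the variant that produced the SyntaxError
  '(_=>{for(i=0;i;);})()',  // the "working code" behind the shared link
  '(_=>{for(i=1;i;);})()',  // the same code after editing 0 to 1
];
for (const src of quoted) {
  const { verdict, detail } = probeFormula(src);
  console.log(`${src.padEnd(24)} ${verdict} (${detail})`);
}
```
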