ladunjexa
commented
2 months ago @Ryneex kudos for the creativity! 🎉 Let's chat about how you did it, so I can patch things up.
Open Ryneex opened 2 months ago
ladunjexa
commented
2 months ago @Ryneex kudos for the creativity! 🎉 Let's chat about how you did it, so I can patch things up.
Ryneex
commented
2 months ago @ladunjexa basically I was going through the course and I noticed a potential vulnerability in the server actions concerning CRUD operations. Specifically, the server actions seems to rely solely on the user_id provided by the client without implementing any checks to verify the authenticity of the user's ownership of the account. This oversight could leave the system susceptible to exploitation through modification of the user_id field in the request body. so basically I will create a post, intercept the request and replace my author_id with someone else's, that will do the trick 😉
naranjansingh
commented
3 weeks ago Hey man @ladunjexa i face error in [nextjs14-devoverflow]
Hey man, maybe you should login and check your name and username :) @ladunjexa