Open Ryneex opened 2 months ago
@Ryneex kudos for the creativity! 🎉 Let's chat about how you did it, so I can patch things up.
@ladunjexa basically I was going through the course and I noticed a potential vulnerability in the server actions concerning CRUD operations. Specifically, the server actions seems to rely solely on the user_id provided by the client without implementing any checks to verify the authenticity of the user's ownership of the account. This oversight could leave the system susceptible to exploitation through modification of the user_id field in the request body. so basically I will create a post, intercept the request and replace my author_id with someone else's, that will do the trick 😉
Hey man @ladunjexa i face error in [nextjs14-devoverflow]
Hey man, maybe you should login and check your name and username :) @ladunjexa