nathan815 / TheSwanStation-Issues

Issue tracker for The Swan Station
https://theswanstation.net
0 stars 1 forks source link

Exploit : Database access #64

Closed nathan815 closed 8 years ago

nathan815 commented 8 years ago

Originally reported by: Winston Smith (Bitbucket: Winston-Smith, GitHub: Winston-Smith)


Hello Nathan,

Winston here. I can get access to TSS's DB using a cumulative bug during a reset ... I can't explain here how to fix it, for obvious reasons. It goes so far I can see everything and edit as well, using a bit of a simple SQL injection -_-

As usual ... see you in chat for the details on how to patch this,

Joe


nathan815 commented 8 years ago

Original comment by Winston Smith (Bitbucket: Winston-Smith, GitHub: Winston-Smith):


Hello Nathan, Sorry I should have clarified this, this was part of a diversion I used for the joke, I used it as a way to get the fake Nathan take contact with me in chat so it looked more natural. Of course having an over the top vulnerability description was something of a bonus ;) Cheers, Joe

nathan815 commented 8 years ago

Original comment by Nathan Johnson (Bitbucket: nathancjohnson, GitHub: Unknown):


Was this an April fools joke? Or real?

Please email me immediately about this if it is real.