Closed ghost closed 2 years ago
That wasn't the point. Send a file, please. Replit Auth proxy is not that easy to attack but by all means try.
Also it is meant to be a personal service i.e. the common sense behind not uploading 1GB xD.
@RayhanADev i just described the process. It would be pretty hard for me to pull off.
Also i had reported that replit.com at 8:00 00:00 GMT+ crashed https://status.replit.com/
@rayhanadev lets not talk about the recent linux RCE for bluetooth lmao. One way to get code on there. Another is the pkexec package which is part of polkit.
Polkit is a required dependency of all desktop environments.
Then again, wouldn't a keylogger be better than looking at headers?
Would you be willing to open a PR with a better security fix? :)
ok, hold on...
May I request permission to pentest and report anything a bit... wrong? Currently that is a concept but I'll try a few other things.
BTW, I upload 1GB files to my drive lol. ISO images.
I would request anything that isn't majorly damaging and DM me on Discord (I'm in the Replit server) with whatever you choose to do :)
Just did something (url traversal); nice to see that you took the ../../.. into account and did not accidentally leave that in at all.
The obvious attack vectors were covered ;)
Hold on. What if we were to like. Compete to innovate. E.G. I make my own and we compare? I mean like it could turn into a opensource project(s) but after, we can compare projects. TBH, I'd think this would be really fun to do.
By all means! I really only did this as an 'extremely simple' filehost for the template jam but I think it would be a great challenge, I could certainly learn a thing or two from you :D.
@rayhanadev Ok. Challenge accepted. For a fair competition: sum of points divided by the total amount of time (use a timer) to gain the amount of points per hour, which should be mathematically and theoretically accurate for measuring performance. This means if you spend 1 hour and get 5 points, that would be 5pts/h; however, if I spent 10 hours and got 7 points, that would be 0.7pts/h, and so you would win based on the rate of implementation. Just to lay down some rules for an equal chance on your behalf.
@rayhanadev baah, since I am unable to turn off copilot due to a slow computer, I'll allow its use. (it is a vscode extension btw)
Got github auth to work.
@rayhanadev BTW, this is causing me to create an absolutely awesome CSS design language; I think this was not a bad choice as it furthers me in the progress of Mutter, the chatting app that is actually going to be fully fleshed out.
Hah, I am actually making the site fully mobile responsive using @media css queries and flexbox. About time I ACTUALLY started doing that lmao.
ah yes, apparently I count as more than 1 person. I keep writing "We".
I'm so sorry I took an Internet hiatus like a week ago 😓.
@rayhanadev naah, don't worry; I have opted to remove the time since I overworked myself too hard due to said time limit: Don't want you to do the same.
Thank you! I'll start working on one myself as well :)
https://edge.rayhanadev.repl.co/dashboard Seriously, that's not hard. Like for example. I could upload a 1GB file which would render the service useless. Never mind RECALL ATTACKS, seriously just have a program listen for the headers on a device, send it to the owner of that program. Great they can use that auth token and login ;)