@invalid-usernames
Part b.
['rmc', 'ron', 'rpg', 'run', 'rye', 'r87', 'sad', 'sam', 'say', 'scp', 'sea', 'sec', 'sev', 'sex', 'sfw', 'she', 'sid', 'sky', 'sm2', 'sob', 'sss', 'sun', 'sup', 'sus', 'sxr', 'syz', 's8n', 'tea', 'ten', 'the', 'til', 'tim', 'tit', 'tnc', 'tnt', 'tom', 'tos', 'tux', 'two', 't_t', 'ufo', 'uno', 'usa', 'uwu', 'uwv', 'var', 'vcs', 'vex', 'vpn', 'v_v', 'wan', 'war', 'was', 'who', 'why', 'wii', 'win', 'wom', 'wow', 'wtf', 'www', 'wyd', 'xan', 'xor', 'xst', 'xxx', 'xyz', 'x_x', 'yay', 'yes', 'yob', 'yoo', 'you', 'zae', 'zag', 'zay', 'zed', 'zid', 'zig', 'zip', 'zlf', 'zoe', 'zoo', 'zye', 'zyx', 'zzz', '000', '001', '0_o', '0_0', '1st', '100', '116', '123', '167', '180', '256', '277', '3am', '334', '360', '404', '420', '429', '444', '608', '666', '68r', '7vv', '7_7', '9gr', '911', '999', '___', '_--', '-a-', '-gr', '-w-', '-zu', '-_-', '---']
List of 3chars part a. because it’s too big for a single post
['cat', 'cia', 'cis', 'cnn', 'com', 'con', 'cow', 'cpp', 'cvs', 'dad', 'day', 'dcs', 'dea', 'dev', 'dgd', 'die', 'dna', 'dog', 'dot', 'dvc', 'eee', 'ee2', 'egg', 'emo', 'est', 'etc', 'eth', 'euh', 'eve', 'eye', 'fae', 'fag', 'fap', 'faq', 'fbi', 'fem', 'ffs', 'fin', 'fl8', 'fox', 'fsh', 'fug', 'f4f', 'gay', 'geo', 'ggg', 'ggs', 'gif', 'gmk', 'gmt', 'god', 'gov', 'gsa', 'gum', 'gun', 'guy', 'hah', 'ham', 'hex', 'him', 'hot', 'how', 'huh', 'ian', 'ice', 'icy', 'idc', 'idk', 'img', 'inf', 'ira', 'irs', 'ivy', 'i8d', 'i_i', 'jay', 'jef', 'jhb', 'jim', 'joe', 'jon', 'jum', 'kai', 'kaj', 'key', 'kfc', 'kid', 'kon', 'kup', 'k7e', 'leo', 'let', 'lim', 'lol', 'lxs', 'mac', 'man', 'max', 'ma6', 'mdl', 'mef', 'mew', 'mfa', 'mit', 'mmm', 'mod', 'mow', 'mws', 'nac', 'nah', 'nan', 'nbc', 'nbn', 'nbo', 'new', 'nft', 'nil', 'nou', 'now', 'npc', 'npg', 'nvm', 'nwu', 'nyc', 'off', 'oha', 'ohw', 'oil', 'omg', 'one', 'oni', 'ooc', 'org', 'owl', 'owo', 'o3o', 'o_o', 'pan', 'pay', 'pew', 'pex', 'pig', 'pin', 'pog', 'poo', 'pop', 'ppp', 'pro', 'qns', 'rae', 'rap', 'red', 'rei', 'rgb', 'rip',]
rarest name ever is probably @
(i think it was that emoji) or @:)
what's the rarest invalid username on here?
i would think either @/wasteof.money or @/david (admin) but there might be others i don't know about
if someone could do a few of those that would really help out, thanks!
L banned
also @jeffalo if you want to know a REAL security issue, you can change your password to blank and make accounts with no passwords. here’s one i just created: wasteof.money/$66d2ee2b7a4a6e673f8aaf76
there are probably >90 of these accounts (most banned) and considering really big lists of users have been created it would probably not be too hard to attempt to hack a bunch of them, by logging in without a password. soo… maybe fix this issue?
warning!
From the tests i have done, there are many vulnerabilities on this website, there are also a lot of bugs. Example: when posting something, if you spam click `post` it will create a post for every time you click the button, there should be an implementation to limit the time between posts and to make the button a one time click. (THIS BUG MAKES THE SITE LAG!). its also a pain to delete all of the posts if you accidentally do so as the site refreshes but will still lag and there is a small chance that the post will not be deleted. There is also a password vulnerability… maybe don’t have the user’s passwords get stored as a plain document.
THERE ARE VULNERABILITIES IN THE REPO!; Yes, even tho the repo is the legacy site and isn’t used anymore it is still good to state the vulnerabilities on the repo as people might use the template to make their own site like this and wont know of the vulnerabilities in the code:
List of the vulnerabilities on the repo: SQL Injection, Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), Lack of Input Validation, Insecure, Outdated Dependencies, Lack of Error Handling, Insecure Session Managemen, Storage of Sensitive Data(user and password information: Insecure Password Storage, Weak Password Hashing, Lack of Password Salting, Insecure Password Verification, Missing Password Complexity Requirements, insecure Password Reset Token Generation, insecure Password Storage in Sessions), Lack of Secure Communication… sry <3
https://web.archive.org/web/20240623124457/wasteof.money/users/impossible%20usernames
so one day i can prove it was real
what's the rarest invalid username on here?
i would think either @/wasteof.money or @/david (admin) but there might be others i don't know about