HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackideiomat

no profile record

Submissions

Domain Spoofing Vuln in Status Android Wallet

github.com
3 points·by hackideiomat·قبل سنتين·1 comments

Excel World Championship [video]

youtube.com
3 points·by hackideiomat·قبل 3 سنوات·0 comments

comments

hackideiomat
·قبل سنتين·discuss
This android wallet has an internal browser and it incorrectly strips www. from hosts. This also affects their permission system, meaning this is the perfect bug to phish users.

They didn't answer multiple mails in 30 days, so it's being disclosed.
hackideiomat
·قبل سنتين·discuss
Don't get me wrong, I do use kagi. but it's not nearly what I wish it'd be.
hackideiomat
·قبل سنتين·discuss
Maybe MetaGer if you can live with their quality
hackideiomat
·قبل سنتين·discuss
Oh yes because of the CSP. The CSP that allows forms that can change your settings... you could easily use the above bug to get some impact with an additional click on a form's submit button.

Admittedly, no full XSS anymore, but still dangerous and shows their lack of understanding and caring about security.

It's not the only place you can inject HTML and not every page has a CSP...
hackideiomat
·قبل سنتين·discuss
Go look at MetaGer, they solved that issue
hackideiomat
·قبل سنتين·discuss
Ha, exactly! They rarely fix bugs.

E.g., XSS / HTML injection in summarizer or discuss document. Or their broken CSP which allows injecting forms to e.g., change settings.

They haven't fixed many reported issues in a while, and just to prove I'm not lying: https://kagi.com/discussdoc?url=https%3A%2F%2Fkagi.com%2Fcha...
hackideiomat
·قبل سنتين·discuss
They do not take security and privacy seriously
hackideiomat
·قبل سنتين·discuss
I don't want that?
hackideiomat
·قبل سنتين·discuss
Well if you attack his friends, it's not okay, but if you go which death upon 'the leftists' he wouldn't say a thing, I bet
hackideiomat
·قبل سنتين·discuss
Dude can move so many millions around I'd shit my pants if he tells me to die slow.
hackideiomat
·قبل سنتين·discuss
[flagged]
hackideiomat
·قبل سنتين·discuss
oh man I didn't know I'd hate this guy :D
hackideiomat
·قبل 3 سنوات·discuss
There's another tool like this called horcrux, which I find to be a better name personally.
hackideiomat
·قبل 3 سنوات·discuss
=cmd|' /C calc'!A0
hackideiomat
·قبل 3 سنوات·discuss
C is unsafe
hackideiomat
·قبل 3 سنوات·discuss
Don't you ever care about upsetting people who live in countries with unreasonable gun laws. Especially third world countries like the US.
hackideiomat
·قبل 3 سنوات·discuss
> a query for red shoes is mostly red shoes

well I get mostly black shoes lol

Edit: ah no, they just use half a page for shoe shops first with black shoes as logo??
hackideiomat
·قبل 3 سنوات·discuss
Sending network packets. Like, I send you a big array of bytes and you write it to a small buffer and therefore I overwrite unintended data.
hackideiomat
·قبل 3 سنوات·discuss
Right, there haven't been crazy Java exploits going around the past few months, only Rust and Go!
hackideiomat
·قبل 3 سنوات·discuss
Switch to security :)