HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackideiomat

no profile record

Submissions

Domain Spoofing Vuln in Status Android Wallet

github.com
3 points·by hackideiomat·2 anni fa·1 comments

Excel World Championship [video]

youtube.com
3 points·by hackideiomat·3 anni fa·0 comments

comments

hackideiomat
·2 anni fa·discuss
This android wallet has an internal browser and it incorrectly strips www. from hosts. This also affects their permission system, meaning this is the perfect bug to phish users.

They didn't answer multiple mails in 30 days, so it's being disclosed.
hackideiomat
·2 anni fa·discuss
Don't get me wrong, I do use kagi. but it's not nearly what I wish it'd be.
hackideiomat
·2 anni fa·discuss
Maybe MetaGer if you can live with their quality
hackideiomat
·2 anni fa·discuss
Oh yes because of the CSP. The CSP that allows forms that can change your settings... you could easily use the above bug to get some impact with an additional click on a form's submit button.

Admittedly, no full XSS anymore, but still dangerous and shows their lack of understanding and caring about security.

It's not the only place you can inject HTML and not every page has a CSP...
hackideiomat
·2 anni fa·discuss
Go look at MetaGer, they solved that issue
hackideiomat
·2 anni fa·discuss
Ha, exactly! They rarely fix bugs.

E.g., XSS / HTML injection in summarizer or discuss document. Or their broken CSP which allows injecting forms to e.g., change settings.

They haven't fixed many reported issues in a while, and just to prove I'm not lying: https://kagi.com/discussdoc?url=https%3A%2F%2Fkagi.com%2Fcha...
hackideiomat
·2 anni fa·discuss
They do not take security and privacy seriously
hackideiomat
·2 anni fa·discuss
I don't want that?
hackideiomat
·2 anni fa·discuss
Well if you attack his friends, it's not okay, but if you go which death upon 'the leftists' he wouldn't say a thing, I bet
hackideiomat
·2 anni fa·discuss
Dude can move so many millions around I'd shit my pants if he tells me to die slow.
hackideiomat
·2 anni fa·discuss
[flagged]
hackideiomat
·2 anni fa·discuss
oh man I didn't know I'd hate this guy :D
hackideiomat
·3 anni fa·discuss
There's another tool like this called horcrux, which I find to be a better name personally.
hackideiomat
·3 anni fa·discuss
=cmd|' /C calc'!A0
hackideiomat
·3 anni fa·discuss
C is unsafe
hackideiomat
·3 anni fa·discuss
Don't you ever care about upsetting people who live in countries with unreasonable gun laws. Especially third world countries like the US.
hackideiomat
·3 anni fa·discuss
> a query for red shoes is mostly red shoes

well I get mostly black shoes lol

Edit: ah no, they just use half a page for shoe shops first with black shoes as logo??
hackideiomat
·3 anni fa·discuss
Sending network packets. Like, I send you a big array of bytes and you write it to a small buffer and therefore I overwrite unintended data.
hackideiomat
·3 anni fa·discuss
Right, there haven't been crazy Java exploits going around the past few months, only Rust and Go!
hackideiomat
·3 anni fa·discuss
Switch to security :)