HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackideiomat

no profile record

Submissions

Domain Spoofing Vuln in Status Android Wallet

github.com
3 points·by hackideiomat·2 yıl önce·1 comments

Excel World Championship [video]

youtube.com
3 points·by hackideiomat·3 yıl önce·0 comments

comments

hackideiomat
·2 yıl önce·discuss
This android wallet has an internal browser and it incorrectly strips www. from hosts. This also affects their permission system, meaning this is the perfect bug to phish users.

They didn't answer multiple mails in 30 days, so it's being disclosed.
hackideiomat
·2 yıl önce·discuss
Don't get me wrong, I do use kagi. but it's not nearly what I wish it'd be.
hackideiomat
·2 yıl önce·discuss
Maybe MetaGer if you can live with their quality
hackideiomat
·2 yıl önce·discuss
Oh yes because of the CSP. The CSP that allows forms that can change your settings... you could easily use the above bug to get some impact with an additional click on a form's submit button.

Admittedly, no full XSS anymore, but still dangerous and shows their lack of understanding and caring about security.

It's not the only place you can inject HTML and not every page has a CSP...
hackideiomat
·2 yıl önce·discuss
Go look at MetaGer, they solved that issue
hackideiomat
·2 yıl önce·discuss
Ha, exactly! They rarely fix bugs.

E.g., XSS / HTML injection in summarizer or discuss document. Or their broken CSP which allows injecting forms to e.g., change settings.

They haven't fixed many reported issues in a while, and just to prove I'm not lying: https://kagi.com/discussdoc?url=https%3A%2F%2Fkagi.com%2Fcha...
hackideiomat
·2 yıl önce·discuss
They do not take security and privacy seriously
hackideiomat
·2 yıl önce·discuss
I don't want that?
hackideiomat
·2 yıl önce·discuss
Well if you attack his friends, it's not okay, but if you go which death upon 'the leftists' he wouldn't say a thing, I bet
hackideiomat
·2 yıl önce·discuss
Dude can move so many millions around I'd shit my pants if he tells me to die slow.
hackideiomat
·2 yıl önce·discuss
[flagged]
hackideiomat
·2 yıl önce·discuss
oh man I didn't know I'd hate this guy :D
hackideiomat
·3 yıl önce·discuss
There's another tool like this called horcrux, which I find to be a better name personally.
hackideiomat
·3 yıl önce·discuss
=cmd|' /C calc'!A0
hackideiomat
·3 yıl önce·discuss
C is unsafe
hackideiomat
·3 yıl önce·discuss
Don't you ever care about upsetting people who live in countries with unreasonable gun laws. Especially third world countries like the US.
hackideiomat
·3 yıl önce·discuss
> a query for red shoes is mostly red shoes

well I get mostly black shoes lol

Edit: ah no, they just use half a page for shoe shops first with black shoes as logo??
hackideiomat
·3 yıl önce·discuss
Sending network packets. Like, I send you a big array of bytes and you write it to a small buffer and therefore I overwrite unintended data.
hackideiomat
·3 yıl önce·discuss
Right, there haven't been crazy Java exploits going around the past few months, only Rust and Go!
hackideiomat
·3 yıl önce·discuss
Switch to security :)