4chan bug

You are currently reading a thread in /qa/ - Question & Answer

Thread replies: 17
Thread images: 2
Hi, Hiro, /pol/ user here.

I would just like to inform you I've found a bug that might be a security risk.

You can "linkify" URLs without a user having the "linkify" settings enabled.

For example:
https://sys.4chan.org/%64erefer?url=www.youtube.com

Also, there doesn't seem to be a lot of validation as it works with non-links too:
https://sys.4chan.org/%64erefer?url=hello%20Hiro

Just a friendly reminder that /pol/ has 4chan's best interests at heart and we'll always be looking out for 4chan.
>>
Has it been fixed already?
>>
the only security risk would be if someone attached a redirect but even then it would be fucking obvious IP or long string of seemingly random numbers, located after an @ or before the URL.
>>
>>384932
plus there's a proper place to report security risks, and it isn't here
>>
>>384934
Where?
>>
>>384945
Man, I could have got a free Pass too.

Oh well, I know for next time.
>>
>>384966
>implying this is even a security risk
>>
>>384966
You still can. I doubt anyone's gonna bother reporting this.
>>
>>384968
It might be though, anon.

They obviously don't want people posting linkified links by default, so it's definitely a bug.

>>384977
I think it's too late to be honest.
>>
>>385003
yeah dude follow this totally legit looking link

https://sys.4chan.org/%[email protected]
>>
>>385009
Doesn't matter, people will still click it.
>>
>>385016
then they deserve what they get
>>
>>384825

>Just a friendly reminder that /pol/ has 4chan's best interests at heart and we'll always be looking out for 4chan.

then why do you keep shitting your shitposts all over /ck/? shit and food should never go together.
>>
>>385022
#NotInMyName, #NotAll/pol/acks, #AintNo/pol/ackBruv, etc.
>>
>>384825
I used to use this thing all the time before linkification was in native. Mods didn't like it, though.
>>
>>385030
I think they must have fixed it once because if I don't use hexadecimal in the links it doesn't linkify:

https://sys.4chan.org/derefer?url=test
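
An added example, not part of the thread and not 4chan's code: a sketch of the two checks the posts above point at, assuming the linkify filter matches the literal path `/derefer` and that the `url` parameter should only carry a hostname or an http(s) URL. All function names are hypothetical.

```python
from urllib.parse import parse_qs, unquote, urlsplit

SITE_HOSTS = {"sys.4chan.org"}   # host from the URLs quoted in the thread
FILTERED_PATHS = {"/derefer"}    # assumption: the literal path the filter matches


def canonical_path(url):
    """Percent-decode the path until stable, so '%64erefer' becomes 'derefer'."""
    path = urlsplit(url).path
    for _ in range(5):  # bounded: also unwraps double encoding such as '%2564'
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def naive_filter_hits(url):
    """Compares the raw path, which is why the hex-encoded form slips past."""
    parts = urlsplit(url)
    return parts.hostname in SITE_HOSTS and parts.path in FILTERED_PATHS


def filter_hits(url):
    """Compares the decoded path, i.e. what the server will actually route."""
    return urlsplit(url).hostname in SITE_HOSTS and canonical_path(url) in FILTERED_PATHS


def redirect_target(url):
    """Return the decoded 'url' query parameter, or '' when absent."""
    return parse_qs(urlsplit(url).query).get("url", [""])[0]


def target_is_acceptable(value):
    """Accept only host[/path] or an http(s) URL: no spaces, no userinfo ('@')."""
    if not value or any(ch.isspace() for ch in value):
        return False
    try:
        parts = urlsplit(value if "://" in value else "http://" + value)
        host = parts.hostname or ""
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or parts.username is not None:
        return False
    return "." in host and all(host.split("."))
```
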