update ada's name

gnat 2025-01-11 20:52:16 -08:00
parent 7355435b6c
commit 6b60bdd861
3 changed files with 5 additions and 5 deletions

View File

@ -45,7 +45,7 @@
(p () "one must!")) (p () "one must!"))
(section () (section ()
(h2 () "post arbitrary data to be displayed here") (h2 () "post arbitrary data to be displayed here")
"yes, it does sanitize this" (a (:href "/html/unnamed-friend-entity-hack-1.html") "<del>(No you don't --sanitization tester)</del>") "yes, it does") "yes, it does sanitize this" (a (:href "/html/ada-hack-1.html") "<del>(No you don't --sanitization tester)</del>") "yes, it does")
(section (:class "ignore-section") (section (:class "ignore-section")
(form (:action "#" :method "post") (form (:action "#" :method "post")
(label (:for "text") "post text:") (label (:for "text") "post text:")
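Review bot: the new href "/html/ada-hack-1.html" on the changed line only resolves if the write-up is actually served under that name, and none of the three changed files is shown as renamed. Confirm the page is reachable at the new path, and consider keeping the old /html/unnamed-friend-entity-hack-1.html path working so links already in circulation do not break.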

View File

@ -1,5 +1,5 @@
(defun html () (defun html ()
(page "unnamed friend entity" `((section () (page "ada" `((section ()
(h1 () "a friend hacked its website.") (h1 () "a friend hacked its website.")
(p () "but how?")) (p () "but how?"))
(section () (section ()
@ -8,7 +8,7 @@
this was due to any url beginning with '/html/' being unconditionally put through parse_file(), which generates static content from the embedded bash in the html (see <a href='/html/site-info.html'></a>). this was due to any url beginning with '/html/' being unconditionally put through parse_file(), which generates static content from the embedded bash in the html (see <a href='/html/site-info.html'></a>).
in addition to this, the source code of the server could be attained via a similar method, requesting the path of the file, but with /files/ or /html/ in front of it, followed by %2e%2e.") in addition to this, the source code of the server could be attained via a similar method, requesting the path of the file, but with /files/ or /html/ in front of it, followed by %2e%2e.")
(p () " (p () "
unnamed friend entity was able to exploit this by first getting the source code of the webserver via the second method discussed above, examining it, and deducing the first vulnerability mentioned above. ada was able to exploit this by first getting the source code of the webserver via the second method discussed above, examining it, and deducing the first vulnerability mentioned above.
upon discovering the RCE available via the comment untrusted command evaluation, they were able to add an ssh key to this one's server and thus gain a shell. upon discovering the RCE available via the comment untrusted command evaluation, they were able to add an ssh key to this one's server and thus gain a shell.
amazingly, at the same time that they did this, natalie's other friend's girlfriend (appearing in the comments as gexfan) was halfheartedly trying to mess with its site. amazingly, at the same time that they did this, natalie's other friend's girlfriend (appearing in the comments as gexfan) was halfheartedly trying to mess with its site.
this ended with around 15 messages on discord telling it its site had been hacked, only around two of which were from unnamed friend entity."))))) this ended with around 15 messages on discord telling it its site had been hacked, only around two of which were from ada.")))))
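Review bot: in the first context line of this hunk, the anchor <a href='/html/site-info.html'></a> has no link text, so the "see" reference renders with nothing to click; give it visible text such as the page name. Since this paragraph is being edited anyway, it would also help to say how the two issues were closed (what now limits which /html/ paths reach parse_file(), and how %2e%2e is handled once the path is decoded), because the text as it stands describes only the cause.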

View File

@ -60,7 +60,7 @@
(a (:href "http://puppygirl.systems") "puppygirl.systems (stupid idiot who types &lt;hr/&gt;)") (a (:href "http://puppygirl.systems") "puppygirl.systems (stupid idiot who types &lt;hr/&gt;)")
" Semi functional now") " Semi functional now")
(span () (span ()
"unnamed friend entity: " "ada: "
(a (:href "https://iso-9995-9.com") "iso-9995-9.com") (a (:href "https://iso-9995-9.com") "iso-9995-9.com")
" (down? dns issue maybe)") " (down? dns issue maybe)")
(span () (span ()