DragonFireGamesLvl 11
No userscripts, no inspect console, pure code.org tomfoolery
Varrience
[WUT] Adam
imreallyhuman
miztis
BlockyheadmanLvl 12what.
MonsterYT_DaGamerLvl 8What even is that
DragonFireGamesLvl 11
MonsterYT_DaGamerLvl 8DragonFireGames oh yes, that explains everything
DragonFireGamesLvl 11MonsterYT_DaGamer Short summary, I can block inspect console & data browser at the same time.
[WUT] AdamLvl 13Give. Now.
DragonFireGamesLvl 11[WUT] Adam Now, here is the problem, it gives you TOTAL access to all of the inspect console from within a gamelab project. You can execute scripts on the behalf of anyone running the project. I can create a project which when run will replace your projects with copies of that project and publish them. Do you understand the security issue this presents?
DragonFireGamesLvl 11A proper demonstration of it's power.
EDIT: Removed video since it don't work
ackvonhuelioMonsterYT_DaGamerDragonFireGames Video won't play for me :(
Jibberjay unfortuante :)
MonsterYT_DaGamerLvl 8DragonFireGames imma need that
If i had coins i would give
MonsterYT_DaGamerLvl 8imreallyhuman don't you have 1.6 coins
DragonFireGamesLvl 11I've decided to report it as a bug to code.org since I realize the devastating potential of an exploit like this. For now, I shall wait until it is patched. Cry about it, but it's the responsible thing to do.
ackvonhuelioLvl 41imreallyhuman
owokoyo pfp crazy
[WUT] AdamLvl 13DragonFireGames Damn 😔
but that is the responsible thing to do ngl
Letti42Lvl 6DragonFireGames thats not good
Binary_CoderLvl 2DragonFireGames Did CDO ever respond or fix it? And would it be any less dangerous with the new gallery preventing publishing?
DragonFireGamesLvl 11Binary_Coder Nope, never happened, and yes it is less dangerous without public project publishing.
Varrience
