;)

DragonFireGames · 2024-02-05T07:25:49+01:00

No userscripts, no inspect console, pure code.org tomfoolery

DragonFireGames

A proper demonstration of it's power.

EDIT: Removed video since it don't work

Jibberjay

DragonFireGames Video won't play for me :(

what-the-dog-doin

Jibberjay unfortuante :)

MonsterYT_DaGamer

DragonFireGames imma need that

imreallyhuman

If i had coins i would give

MonsterYT_DaGamer

imreallyhuman don't you have 1.6 coins

ackvonhuelio

imreallyhuman
owokoyo pfp crazy

DragonFireGames

I've decided to report it as a bug to code.org since I realize the devastating potential of an exploit like this. For now, I shall wait until it is patched. Cry about it, but it's the responsible thing to do.

[WUT] Adam

DragonFireGames Damn 😔

but that is the responsible thing to do ngl

Binary_Coder

DragonFireGames Did CDO ever respond or fix it? And would it be any less dangerous with the new gallery preventing publishing?

Letti42

DragonFireGames thats not good

DragonFireGames

Binary_Coder Nope, never happened, and yes it is less dangerous without public project publishing.

DragonFireGames

The main issue with the vulnerability is that it allows projects to run scripts that can literally delete or edit projects in your account. I could make a project, that, when run, copies it's source code to all of your projects and then auto publishes them to the public gallery, propagating the worm across cdo wiping millions of projects.