Letti42Lvl 6- iPhone
DragonFireGames thats not good
;)
2 months later
Binary_CoderLvl 2
DragonFireGames Did CDO ever respond or fix it? And would it be any less dangerous with the new gallery preventing publishing?
DragonFireGamesLvl 11
Binary_Coder Nope, never happened, and yes it is less dangerous without public project publishing.
Awards
- â’¸ 0.1 from
VarrienceComment: Still can delete your account though lulz
- DragonFireGamesLvl 11
- Edited
The main issue with the vulnerability is that it allows projects to run scripts that can literally delete or edit projects in your account. I could make a project, that, when run, copies it's source code to all of your projects and then auto publishes them to the public gallery, propagating the worm across cdo wiping millions of projects.
Awards
- â’¸ 1 from
SquirrelGuy-5Comment: woof
birthdayboy224Lvl 2- Windows
DragonFireGames such power
a month later
- iPhone
If someone was good enough I’m sure that your inspect console blocker wouldn’t work against them.
- iPhone
SquirrelGuy-5 but I bet they’d have to be real good
- DragonFireGamesLvl 11
SquirrelGuy-5 It's not perfect, you can counter it, but it catches you off guard if you don't know about the counter.
- iPhone
DragonFireGames i see
personLvl 62
:0
16 days later
- iPhone
@DragonFireGames k, bruh, when u do dis, do u use a GameLab or Applab project.
(I mean for the auto copy code worm thing)
- DragonFireGamesLvl 11
SquirrelGuy-5 gamelab
- iPhone
DragonFireGames ok ✅
16 days later
- iPhone
@[WUT] Adam lookie what I found.
Awards
- â’¸ 0.1 from VarrienceComment: what matters more is if you can actually update those credentials to make additional requests of which permissions like that are probably behind admin privlages