WalrusIRC disabled until further notice By: DJ Omnimaga Date: April 11, 2015, 04:41:45 PM
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).
WalrusIRC will be re-enabled once the bug has been fixed and that anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.
Re: WalrusIRC disabled until further notice By: Streetwalrus Date: April 11, 2015, 04:42:34 PM
Juju disabled the exploitable code for now. Re-enabling.
Re: WalrusIRC disabled until further notice By: DarkestEx Date: April 11, 2015, 04:43:00 PM
Quote from: DJ Omnimaga on April 11, 2015, 04:41:45 PM
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).
WalrusIRC will be re-enabled once the bug has been fixed and that anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.
Sorry, @DJ Omnimaga for finding, that javascript exploit. I just wanted to let you know
Hopefully I don't get banned for that or anything...
Re: WalrusIRC disabled until further notice By: Juju Date: April 11, 2015, 04:46:05 PM
Yeah, please don't abuse security issues next time, told ya to not use alert()...
EDIT: Nope you're not getting banned
Re: WalrusIRC disabled until further notice By: DJ Omnimaga Date: April 11, 2015, 04:47:31 PM
Quote from: DarkestEx on April 11, 2015, 04:43:00 PM
Quote from: DJ Omnimaga on April 11, 2015, 04:41:45 PM
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).
WalrusIRC will be re-enabled once the bug has been fixed and that anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.
Sorry, @DJ Omnimaga for finding, that javascript exploit. I just wanted to let you know
Hopefully I don't get banned for that or anything...
It's ok, thanks for letting us know at least. Just make sure to not actually use the exploit next time unless it's not harmful or anything (in the current case, it was more annoying than harmful, with random alerts popping up, but that could have scared some users away)
Re: WalrusIRC disabled until further notice By: DarkestEx Date: April 11, 2015, 05:21:31 PM
This issue becomes its own logo:
Let's call it Derpywalrus exploit
Re: WalrusIRC disabled until further notice By: Juju Date: April 11, 2015, 05:29:52 PM
The linkifier has been disabled until further notice until we have a fix (which should be quite simple). The exploit is also on OmnomIRC.
Re: WalrusIRC disabled until further notice By: DarkestEx Date: April 11, 2015, 05:33:11 PM
I wonder if the chat software could have problems as well.
EDIT: It seems fine to me.
Re: WalrusIRC disabled until further notice By: Juju Date: April 11, 2015, 06:03:54 PM
It's been fixed on both WalrusIRC and OmnomIRC, on both CodeWalrus and Omnimaga, as of OmnomIRC version 2.9.0.5 and WalrusIRC version 0.0.3.
Re: WalrusIRC disabled until further notice By: DarkestEx Date: April 11, 2015, 06:10:25 PM
Sounds great!
For everybody who missed the thing, this was basically a way to sneak in javascript into links, like this:
Mouse-hovering over them executed (possibly malicious) javascript.
Re: WalrusIRC disabled until further notice By: Juju Date: April 11, 2015, 06:13:53 PM
Yep. On WalrusIRC, it also worked with image tags, which also support onload, which could lead to even more disastrous results.
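The fix itself is not shown in the thread. As an added illustration (not OmnomIRC or WalrusIRC code; all function and constant names are hypothetical), a linkifier that avoids the problem described in the two posts above escapes every piece of message text and only turns http(s) URLs into links:

```javascript
// Added example, not project code. Names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can open a tag or close an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// A candidate URL must start with http(s) and stops at whitespace,
// quotes, backticks and angle brackets, so it cannot carry markup.
const URL_PATTERN = /\bhttps?:\/\/[^\s<>"'`]+/gi;

// Build the anchor for one candidate; fall back to plain escaped text.
function renderLink(raw) {
  let url;
  try {
    url = new URL(raw); // rejects strings that are not parseable URLs
  } catch (e) {
    return escapeHtml(raw);
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return escapeHtml(raw);
  }
  const href = escapeHtml(url.href);
  return `<a href="${href}" rel="noopener noreferrer" target="_blank">${escapeHtml(raw)}</a>`;
}

// Turn a raw chat message into HTML: text between URLs is escaped,
// URLs become links, and no user input reaches the markup unescaped.
function linkify(message) {
  let html = '';
  let last = 0;
  for (const match of message.matchAll(URL_PATTERN)) {
    html += escapeHtml(message.slice(last, match.index));
    html += renderLink(match[0]);
    last = match.index + match[0].length;
  }
  return html + escapeHtml(message.slice(last));
}

// Constructed sample messages (not taken from the OIRC/WIRC logs).
const SAMPLE_PLAIN = 'see http://example.com/a?b=1&c=2 now';
const SAMPLE_ATTR = 'http://example.com/" onmouseover="alert(1)';
const SAMPLE_IMG = '<img src=x onload=alert(1)>';
```

With these samples, the quote that would have closed the `href` attribute and the `<img>` tag both come out as inert text (`&quot;`, `&lt;img ...&gt;`) instead of markup.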
Re: WalrusIRC disabled until further notice By: DJ Omnimaga Date: April 11, 2015, 06:34:26 PM
Hopefully you can fix the bug soon since being able to click links in WIRC is very convenient, especially from New post notifications. On Cemetech we can't (anymore) so I always have to copy/paste them.
Re: WalrusIRC disabled until further notice By: Juju Date: April 12, 2015, 06:00:12 AM
Come to think, this bug's been there since at least 2013, maybe even since 2010-2011. Omnimaga's (and also CodeWalrus and a bunch of other sites) been vulnerable since all this time, kind of weird when you think about it. If we were a big company such as Google or Facebook, we would have given @DarkestEx something like $5000, but sadly we are not a big company. Please accept 5000 internet points instead. Oh well, it was fun while it lasted.
Re: WalrusIRC disabled until further notice By: Cumred_Snektron Date: April 12, 2015, 09:29:10 AM
Maybe give him "the Honor of finding a bug"
Re: WalrusIRC disabled until further notice By: Eiyeron Date: April 12, 2015, 11:13:03 AM
Quote from: Cumred_Snektron on April 12, 2015, 09:29:10 AM
Maybe give him "the Honor of finding a bug"
Bug-tracker rank?