
WalrusIRC disabled until further notice

Started by DJ Omnimaga, April 11, 2015, 04:41:45 pm


DJ Omnimaga

Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).

WalrusIRC will be re-enabled once the bug has been fixed and anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.

Streetwalrus

Juju disabled the exploitable code for now. Re-enabling.

DarkestEx

Quote from: DJ Omnimaga on April 11, 2015, 04:41:45 pm
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).

WalrusIRC will be re-enabled once the bug has been fixed and anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.

Sorry, @DJ Omnimaga, for finding that javascript exploit. I just wanted to let you know :(
Hopefully I don't get banned for that or anything...

Juju

April 11, 2015, 04:46:05 pm #3 Last Edit: April 11, 2015, 04:47:40 pm by Juju
Yeah, please don't abuse security issues next time, told ya to not use alert()...

EDIT: Nope you're not getting banned :P
Read Zarmina!
YUKI-CHAAAANNNN
In the beginning there was walrii. In the end there will be walrii. All hail our supreme leader :walrii: --Snektron



if you wanna throw money at me and/or CodeWalrus monthly it's here

DJ Omnimaga

Quote from: DarkestEx on April 11, 2015, 04:43:00 pm
Quote from: DJ Omnimaga on April 11, 2015, 04:41:45 pm
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).

WalrusIRC will be re-enabled once the bug has been fixed and anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.

Sorry, @DJ Omnimaga, for finding that javascript exploit. I just wanted to let you know :(
Hopefully I don't get banned for that or anything...
It's ok, thanks for letting us know at least :). Just make sure to not actually use the exploit next time unless it's not harmful or anything :P (in the current case, it was more annoying than harmful, with random alerts popping up, but that could have scared some users away)

DarkestEx

This issue becomes its own logo:


Let's call it Derpywalrus exploit

Juju

The linkifier has been disabled until further notice until we have a fix (which should be quite simple). The exploit is also on OmnomIRC.

DarkestEx

I wonder if the chat software could have problems as well.

EDIT: It seems fine to me.

Juju

It's been fixed on both WalrusIRC and OmnomIRC, on both CodeWalrus and Omnimaga, as of OmnomIRC version 2.9.0.5 and WalrusIRC version 0.0.3.

DarkestEx

Sounds great!

For everybody who missed the thing, this was basically a way to sneak in javascript into links, like this:


Mouse-hovering over them executed (possibly malicious) javascript.

Juju

Yep. On WalrusIRC, it also worked with image tags, which also support onload, which could lead to even more disastrous results.
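An added example of the bug class discussed in the posts above (not code from OmnomIRC or WalrusIRC, and not part of any post in this thread): a linkifier that pastes matched text into an `href` unescaped, next to a version that HTML-escapes all message text and only links http(s) URLs. The function names and the sample message are constructed for illustration.

```javascript
// Added example; linkifyNaive, linkifySafe and SAMPLE are hypothetical names.
const URL_RE = /\bhttps?:\/\/[^\s<>]+/g;
// Constructed chat message whose "URL" carries a quote and an event handler.
const SAMPLE = 'see http://example.test/"onmouseover="alert(1) now';

// Vulnerable pattern: the match goes into the attribute as-is, so a quote
// inside it closes href and the rest becomes a new attribute.
function linkifyNaive(message) {
  return message.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESC[c]);
}

// Only parseable http/https URLs are turned into links.
function isSafeUrl(candidate) {
  try {
    const proto = new URL(candidate).protocol;
    return proto === "http:" || proto === "https:";
  } catch {
    return false;
  }
}

// Hardened pattern: escape every piece of user text, inside and outside links,
// so neither injected attributes nor raw tags such as <img onload=...> survive.
function linkifySafe(message) {
  let out = "";
  let last = 0;
  for (const m of message.matchAll(URL_RE)) {
    out += escapeHtml(message.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += isSafeUrl(m[0])
      ? `<a href="${url}" rel="noopener noreferrer">${url}</a>`
      : url;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(message.slice(last));
}
```
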

DJ Omnimaga

Hopefully you can fix the bug soon since being able to click links in WIRC is very convenient, especially from New post notifications. On Cemetech we can't (anymore) so I always have to copy/paste them.

Juju

Come to think, this bug's been there since at least 2013, maybe even since 2010-2011. Omnimaga's (and also CodeWalrus and a bunch of other sites) been vulnerable since all this time, kind of weird when you think about it. If we were a big company such as Google or Facebook, we would have given @DarkestEx something like $5000, but sadly we are not a big company. Please accept 5000 internet points instead. Oh well, it was fun while it lasted.

Snektron

Maybe give him "the Honor of finding a bug" :P
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


Duke "Tape" Eiyeron

