■ Este hilo se encuentra guardado en el archivo
Discord tiene vulnerabilidades a nivel de sistema (12 respuestas)
1 :
root@bienvenidoainternet.org:~#
: 10/08/18(vie)13:25:44
ID:JyYxLj1F0!
>Discord’s improper implementation has led to serious problems in the past, turning small vulnerabilities into large exploits allowing attackers control of victim’s computers. These problems primarily stem from the application’s use of Electron.js. Electron is a framework used to turn node.js programs and html interfaces into full applications that canbe deployed cross platform. This is done through a pairing of the blink engine (from chrome) and a node.js interpreter. A slight problem arises from this. Javacript from outside sources displayed within electron is executed as node.js code unless displayed through a webview tag.
>In no place within Discord is webview used to pad areas where user input is displayed. Should an xss vulnerability be found within the application, user machines can be exploited at the system level, rather than in the sandboxed environment of the web browser. Xss vulnerabilities have been found and patched in the application (most notably one involving the data: uri). It appears that Discord is aware of this problem, and has created a bug bounty system in an attempt to catch new faws and minimize damage. However this will only do them so much good. Others have discovered discord’s faws, and sales of xss vulnerabilities may have occurred in secret (damagelab).
Andan bien pendientes de Discord últimamente ustedes ah ...
Discord ha depositado 5 dólares en tu cuenta bancaria.
5 :
root@bienvenidoainternet.org:~#
: 10/08/18(vie)13:54:45
ID:mhktDFPZa
de donde sacaste esta info?, para compartirla digoyo
igual se sabe que al ser hecho en chromium es terrible vulnerable
>>3Será porque, oye no sé, ¿en BaI hay un servidor de Discord?
7 :
root@bienvenidoainternet.org:~#
: 10/08/18(vie)14:06:53
ID:JyYxLj1F0!
Cero referencias, cero evidencia. Descartado.
Referencias en un documento que explica vulnerabilidades de seguridad... ww
Googlee "CVE" y de ahí hablamos, perrín.
Me basta con que use Electrón y node.js para no querer usarlo, y ni hablar del datamining y todo eso.
3 KB
■ Este hilo se encuentra guardado en el archivo
weabot.py ver 0.10.9
Bienvenido a Internet BBS/IB