
■ This thread is saved in the archive

Discord has system-level vulnerabilities (12 replies)

1 : root@bienvenidoainternet.org:~# : 10/08/18(Fri)13:25:44 ID:JyYxLj1F0!

>Discord’s improper implementation has led to serious problems in the past, turning small vulnerabilities into large exploits allowing attackers control of victim’s computers. These problems primarily stem from the application’s use of Electron.js. Electron is a framework used to turn node.js programs and html interfaces into full applications that can be deployed cross platform. This is done through a pairing of the blink engine (from chrome) and a node.js interpreter. A slight problem arises from this. JavaScript from outside sources displayed within electron is executed as node.js code unless displayed through a webview tag.
>In no place within Discord is webview used to pad areas where user input is displayed. Should an xss vulnerability be found within the application, user machines can be exploited at the system level, rather than in the sandboxed environment of the web browser. Xss vulnerabilities have been found and patched in the application (most notably one involving the data: uri). It appears that Discord is aware of this problem, and has created a bug bounty system in an attempt to catch new flaws and minimize damage. However this will only do them so much good. Others have discovered discord’s flaws, and sales of xss vulnerabilities may have occurred in secret (damagelab).
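
Added example, not part of the original post and not Discord's code: the quoted passage attributes the risk to page JavaScript running with Node.js privileges inside Electron. The audit below checks a window's `webPreferences` for the settings that separate rendered content from Node; the option names are real Electron options, while the function names and both sample configurations are constructed for illustration.

```javascript
// Added example: audit Electron BrowserWindow webPreferences for settings
// that let page JavaScript reach Node.js. Sample configs are constructed.

// Each rule: option name, the value considered safe, and why it matters.
const RULES = [
  { key: "nodeIntegration", safe: false,
    why: "page scripts can call require() and reach the operating system" },
  { key: "contextIsolation", safe: true,
    why: "page scripts share a JavaScript context with the preload script" },
  { key: "sandbox", safe: true,
    why: "the renderer process runs without the Chromium OS sandbox" },
];

// Returns a list of findings. An option that is not set explicitly is
// reported too, because its default has changed across Electron versions.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const { key, safe, why } of RULES) {
    if (!(key in prefs)) {
      findings.push({ key, level: "unset", why: `not pinned; if unsafe, ${why}` });
    } else if (prefs[key] !== safe) {
      findings.push({ key, level: "unsafe", why });
    }
  }
  return findings;
}

// Constructed: a window that renders user-supplied content with Node enabled.
const weakPrefs = { nodeIntegration: true, contextIsolation: false };

// Constructed: the same window with the renderer cut off from Node.
const hardenedPrefs = { nodeIntegration: false, contextIsolation: true, sandbox: true };

// One-line report per configuration, suitable for a CI log.
function summarize(name, prefs) {
  const findings = auditWebPreferences(prefs);
  const detail = findings.map((f) => `${f.key}=${f.level}`).join(", ");
  return `${name}: ${findings.length ? detail : "ok"}`;
}

console.log(summarize("weak", weakPrefs));
console.log(summarize("hardened", hardenedPrefs));
```

With these settings pinned, an XSS in rendered content stays inside the renderer's web sandbox instead of gaining `require()`.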

2 : : 10/08/18(Fri)13:35:20 ID:???0!

Who are you quoting?

3 : : 10/08/18(Fri)13:44:13 ID:???0

You guys have been keeping a close eye on Discord lately, huh ...

4 : : 10/08/18(Fri)13:49:14 ID:???0!

Discord has deposited 5 dollars into your bank account.

5 : root@bienvenidoainternet.org:~# : 10/08/18(Fri)13:54:45 ID:mhktDFPZa

Where did you get this info? So I can share it, I mean.

Anyway, it's known that since it's built on Chromium it's terribly vulnerable.

6 : : 10/08/18(Fri)14:00:11 ID:???0

>>3
Maybe because, hey, I don't know, BaI has a Discord server?

7 : root@bienvenidoainternet.org:~# : 10/08/18(Fri)14:06:53 ID:JyYxLj1F0!

8 : : 10/08/18(Fri)14:12:30 ID:???0!

Zero references, zero evidence. Dismissed.

9 : : 10/08/18(Fri)14:16:03 ID:???0

References in a document that explains security vulnerabilities... ww

10 : : 10/08/18(Fri)14:18:59 ID:???0!

Google "CVE" and then we'll talk, buddy.

11 : : 11/08/18(Sat)00:41:16 ID:???a

The fact that it uses Electron and node.js is enough for me not to want to use it, not to mention the data mining and all that.

12 : : 14/08/18(Tue)17:57:01 ID:???0

https://discordapp.com/open-source
They love open source so much that they still haven't released the source code after three years.

weabot.py ver 0.10.9 Bienvenido a Internet BBS/IB