this post was submitted on 10 Jul 2023
14 points (100.0% liked)

General

Originally this post was me saying "oh, they refederated us." They didn't, they got hacked, lol. We've temporarily defederated with lemmy.world on our end (not that they federated with us anyway) until they get their shit back.

top 17 comments
[–] [email protected] 5 points 1 year ago (1 children)

All I have to say is

HAHAHAHAHAHAHAHAHAHAHAHA

[–] [email protected] 5 points 1 year ago

Meanwhile on kbin:

[–] [email protected] 4 points 1 year ago (1 children)
[–] [email protected] 9 points 1 year ago (1 children)

I suspect we aren't high on the targets list. This looks like it's coming from the edgy part of fedi and we have really relaxed rules here, and we aren't talking about how "le nazis are at every corner and that it's only a matter of time until they take over!!1111!!!!" every 5s.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

In any case, alt created so that I won't risk my admin user's session getting hijacked. Sanitize your strings, people.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Went there hoping to see three grandpas getting busy, instead it's some dude with a cigar... 🤨

EDIT: Looks like they got their page back.

[–] [email protected] 5 points 1 year ago (1 children)

They seem to have changed what happens a couple times.

I'll refederate them once they make an announcement post or once their sidebar changes from this:

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (1 children)

Thanks for this, they've been refederated on our end.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

aaaand it's compromised again. at least this time i was able to get the website's payload before a redirect hit.

EDIT: sidebar has an onload component changing the window location if an item "h" can't be found on the browser's local storage:

onload="if(localStorage.getItem(`h`) != `true`){window.location.href = `https://lemmy.world/pictrs/image/7aa772b7-9416-45d1-805b-36ec21be9f66.mp4`}"

edit2: their backend is now down.

[–] [email protected] 3 points 1 year ago (1 children)

Alright, we'll be defederating with them again. We'll refederate once it's clear they have things under control.

[–] [email protected] 1 points 1 year ago (1 children)

https://lemmy.ml/post/1896249 suggests this can be applied to all sidebars instead of just the main one. Can someone run a test on this?

[–] [email protected] 1 points 1 year ago

Uh oh.... They said it's a cookie stealer and it even works on comments.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

lemmy.blahaj.zone has also been defaced. edit: it's not the sidebar this time. the localstorage backdoor suggests it's the same actor.

<div class="mt-4 p-0 fl-1"><div tabIndex="-1"><div class="home container-lg"><!--!--><div class="row"><main class="col-12 col-md-8 col-lg-9" role="main"><div id="tagline"><p><img class="icon icon-emoji" src="https://blahaj.zone/files/660c5387-e0f4-4dc3-aa31-2c7e90c86b20" title="ohno" alt="" onload="if(localStorage.getItem(`h`) != `true`){document.body.innerHTML = atob(`PGlmcmFtZSB3aWR0aD0iNTYwIiBoZWlnaHQ9IjMxNSIgc3JjPSJodHRwczovL3d3dy55b3V0dWJlLmNvbS9lbWJlZC9aMUs0QlV0SHNPNCIgdGl0bGU9IllvdVR1YmUgdmlkZW8gcGxheWVyIiBmcmFtZWJvcmRlcj0iMCIgYWxsb3c9ImFjY2VsZXJvbWV0ZXI7IGF1dG9wbGF5OyBjbGlwYm9hcmQtd3JpdGU7IGVuY3J5cHRlZC1tZWRpYTsgZ3lyb3Njb3BlOyBwaWN0dXJlLWluLXBpY3R1cmU7IHdlYi1zaGFyZSIgYWxsb3dmdWxsc2NyZWVuPjwvaWZyYW1lPg==`)}""/></p>

blob decodes to

'<iframe width="560" height="315" src="https://www.youtube.com/embed/Z1K4BUtHsO4" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>'
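
Added example, not part of the thread and not Lemmy's own code: a Python triage script that lists inline on* event handlers in rendered HTML, flags the behaviours seen in the two handlers quoted above (localStorage gate, redirect, innerHTML overwrite, atob) and decodes any base64 literal so a reviewer can see what would have been injected. The sample markup, the example.invalid URL and all names in the code are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# Behaviours seen in the two handlers quoted in this thread.
SUSPICIOUS = {
    "localStorage gate": re.compile(r"localStorage\.getItem"),
    "redirect": re.compile(r"location(?:\.href)?\s*=(?!=)"),
    "DOM overwrite": re.compile(r"\.innerHTML\s*=(?!=)"),
    "base64 decode": re.compile(r"\batob\s*\("),
}
ATOB_LITERAL = re.compile(r"atob\(\s*[`'\"]([A-Za-z0-9+/=]+)[`'\"]\s*\)")

class HandlerFinder(HTMLParser):
    """Collects every inline on* event-handler attribute in a document."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # also called for <img ... />
        for name, value in attrs:
            if not name.startswith("on") or not value:
                continue
            decoded = []
            for blob in ATOB_LITERAL.findall(value):
                try:  # show what the handler would have injected
                    raw = base64.b64decode(blob, validate=True)
                    decoded.append(raw.decode("utf-8", "replace"))
                except ValueError:  # binascii.Error is a ValueError
                    decoded.append("<undecodable>")
            reasons = [k for k, rx in SUSPICIOUS.items() if rx.search(value)]
            self.findings.append(
                {"tag": tag, "attr": name, "reasons": reasons, "decoded": decoded})

def scan(html_text):
    finder = HandlerFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample input (not captured from any instance).
_BLOB = base64.b64encode(b"<p>constructed placeholder</p>").decode()
SAMPLE = (
    '<div id="tagline"><p><img src="https://example.invalid/a.png" alt="" '
    'onload="if(localStorage.getItem(`h`) != `true`)'
    "{document.body.innerHTML = atob(`" + _BLOB + '`)}"/></p>'
    '<a href="/post/1" onclick="vote(1)">ok</a></div>'
)

if __name__ == "__main__": print(scan(SAMPLE))
```

Any on* attribute that survives into markup rendered from user-supplied text is worth a look; the reasons list only ranks which ones to read first.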
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

lmao so they used their big hack just to troll ppl with funny shit?

edit: i'm loving the new frontier of the World Wild West

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 7 points 1 year ago

They make it abundantly clear tbf since it redirects you to lemonparty if you access any of their pages.

Not sure what mechanism does it, though. Since it lets me access a thread momentarily and then a few seconds later the redirect kicks on.

Anyways, mfw this happened to an instance that defederated us:
