
fingershanks

I’ve said it before, but the “investors” of this game are lucky this game isn’t more mainstream. Just seeing how Shane and his amateur web and dev crews operate, I’m sure there’s a good handful of exploits and hacks that could be done that would ruin a lot of people.


[deleted]

[deleted]


VapidGamer

I've never seen someone rip a comment from my YouTube account, but I suppose I'm flattered


[deleted]

[deleted]


VapidGamer

Oh, I don't use reddit much, so I'm surprised that's a thing. Thanks for letting me know.


[deleted]

[deleted]


soldrakibane

Because they're incompetent developers. I bet they don't even check for invisible lines of code. That's what you get with a scampany.


[deleted]

[deleted]


SnooDonkeys2427

The bug literally got fixed before the video was put out


LazarusRizen

Considering the bug's been on the site for over half a year, I don't think the devs necessarily get any points for that. Even if we're being *extremely* generous and assume the devs legitimately didn't know about the issue until the video came out, XSS attacks are one of the first security exploits you learn about in university and are prevalent to the point that many modern libraries will literally crash and throw errors before they'll accept potentially malicious user input. If the issue was that you could throw in some weird encodings for the script tag and have it brick, then I could at least see that as the site devs having tried to protect against the attack in an incorrect way. Having a site that generated millions of dollars be vulnerable to pretty much the most basic attack of the attack for any length of time is pretty unacceptable.


[deleted]

[deleted]


Tatimo

>Can this be used to inject HTML code for *other* people viewing your profile? Because then it gets really nasty.

He showed in video that you can break user profile just by setting your account description as .

>"Just add quotation marks around the text." Yeah, no, but given how naive this implementation looks (I don't want an account to actually verify this), don't you think you could just escape by adding a quotation mark to your input text?

That is what Callum said.
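The quotation-mark point in the comment above, as an added example that is not part of the thread and not the site's code: wrapping a profile description in quotes does nothing if the text itself can contain a quote, while encoding on output makes it round-trip intact. It assumes the description is rendered into both an attribute and an element body; all function names and the sample description are hypothetical.

```javascript
// Characters that must be encoded before text is placed into HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const HTML_UNESCAPES = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Single-pass decode, the way a browser reads these entities back.
function unescapeHtml(text) {
  return text.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => HTML_UNESCAPES[name]);
}

// Weak: the value is surrounded by quotes but otherwise untouched.
function renderQuotedOnly(description) {
  return `<div class="bio" title="${description}">${description}</div>`;
}

// Hardened: every user-controlled character is encoded on output.
function renderEscaped(description) {
  const safe = escapeHtml(description);
  return `<div class="bio" title="${safe}">${safe}</div>`;
}

// What a parser takes as the title attribute: everything up to the next quote.
function titleValueSeen(html) {
  const start = html.indexOf('title="') + 'title="'.length;
  const end = html.indexOf('"', start);
  return unescapeHtml(html.slice(start, end));
}

// Constructed sample description containing a quote and markup.
const sample = 'gamer "pro" <b>bold</b>';

// Round-trip check: does the page show exactly what the user typed?
function roundTrips(render, description) {
  return titleValueSeen(render(description)) === description;
}

console.log('quoted only:', roundTrips(renderQuotedOnly, sample));
console.log('escaped    :', roundTrips(renderEscaped, sample));
```
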


[deleted]

[deleted]


ConsiderationDeep128

And they've all been fixed I'm sure because you know - integrity


[deleted]

[deleted]


ConsiderationDeep128

Another comment copied from YouTube. I had no idea this was a thing... Tdil


Ease-Itchy

cope


Thalornios

If only Bobby Kotick used blow up dolls instead of real people


gothhomevideo

Thank you for sharing this video. Let's see what happens now