#1 skybucks millionaire
@richardwrites672.bsky.social
adrianus websites try not to have every vulnerability type challenge
adrianus count: 4 xss (technically 5 if you count the firstpost xss), 10 sqli
non-adrianus count: 15 xss, 6 sqli, 1 hamburger, 5 auth bypass, 10+ "chatDisabled":true
https://6v.pages.dev
adrianus count: 4 xss (technically 5 if you count the firstpost xss), 10 sqli
non-adrianus count: 15 xss, 6 sqli, 1 hamburger, 5 auth bypass, 10+ "chatDisabled":true
https://6v.pages.dev
oh wow, twexit's back, i sure hope adrianus has done literally anything to improve his website's security
August 12, 2024 at 7:36 PM
oh wow, twexit's back, i sure hope adrianus has done literally anything to improve his website's security
Pro tip: you can send messages from banned accounts, and people will still receive it (although the message is only visible in the preview)
May 26, 2024 at 9:29 AM
Pro tip: you can send messages from banned accounts, and people will still receive it (although the message is only visible in the preview)
Reposted by #1 skybucks millionaire
SkyBucksというスパムDMが一部で横行しているようです。コードのコメントを見る限りイタズラっぽいんですが、リンク先には飛ばないようにしましょう(キーストロークなどもトラッキングされているようなのでアカパスとか入力しちゃダメ)。ちなみにClaim Giftすると「Blueskyに広告を出稿したりポストに色を付けられる」らしいです。すごいね
May 26, 2024 at 1:24 AM
SkyBucksというスパムDMが一部で横行しているようです。コードのコメントを見る限りイタズラっぽいんですが、リンク先には飛ばないようにしましょう(キーストロークなどもトラッキングされているようなのでアカパスとか入力しちゃダメ)。ちなみにClaim Giftすると「Blueskyに広告を出稿したりポストに色を付けられる」らしいです。すごいね
Here's a screenshot of BitView's admin panel.
March 9, 2024 at 9:05 PM
Here's a screenshot of BitView's admin panel.
Reposted by #1 skybucks millionaire
Skyname is back online.
Please read below for a detailed postmortem of the incident:
darn.blog/2024-01-14-s...
Please read below for a detailed postmortem of the incident:
darn.blog/2024-01-14-s...
Skyname experienced a brief incident today where a malicious third party was able to overwrite DNS records pointing to registered usernames.
All usernames have been successfully restored, and you should expect to see yours update in 24-48 hours if you're still seeing Invalid Handle.
All usernames have been successfully restored, and you should expect to see yours update in 24-48 hours if you're still seeing Invalid Handle.
January 16, 2024 at 3:12 AM
Skyname is back online.
Please read below for a detailed postmortem of the incident:
darn.blog/2024-01-14-s...
Please read below for a detailed postmortem of the incident:
darn.blog/2024-01-14-s...
Reposted by #1 skybucks millionaire
Skyname experienced a brief incident today where a malicious third party was able to overwrite DNS records pointing to registered usernames.
All usernames have been successfully restored, and you should expect to see yours update in 24-48 hours if you're still seeing Invalid Handle.
All usernames have been successfully restored, and you should expect to see yours update in 24-48 hours if you're still seeing Invalid Handle.
January 14, 2024 at 11:35 PM
Skyname experienced a brief incident today where a malicious third party was able to overwrite DNS records pointing to registered usernames.
All usernames have been successfully restored, and you should expect to see yours update in 24-48 hours if you're still seeing Invalid Handle.
All usernames have been successfully restored, and you should expect to see yours update in 24-48 hours if you're still seeing Invalid Handle.
I now control every skyname handle :)
(Well, every skyname handle that has appeared in plc.directory/export )
(Well, every skyname handle that has appeared in plc.directory/export )
January 14, 2024 at 8:31 PM
I now control every skyname handle :)
(Well, every skyname handle that has appeared in plc.directory/export )
(Well, every skyname handle that has appeared in plc.directory/export )
@twexit.nl @adrianus.twexit.nl Check your twitter DMs
December 28, 2023 at 6:04 AM
@twexit.nl @adrianus.twexit.nl Check your twitter DMs
By the way, this isn't just twexit and mastochist. Every single website that Adrianus has ever made is vulnerable to SQLi.
December 26, 2023 at 7:25 AM
By the way, this isn't just twexit and mastochist. Every single website that Adrianus has ever made is vulnerable to SQLi.
December 25, 2023 at 8:56 PM
There it is. Seems like twexit is actually dead now-- no page is working anymore.
twexit.nl
archive.is/LJnFd
(For clarity's sake-- I am not the one that put the image on the website. That seems to have been the action of the actual admin of the site.)
twexit.nl
archive.is/LJnFd
(For clarity's sake-- I am not the one that put the image on the website. That seems to have been the action of the actual admin of the site.)
December 22, 2023 at 3:24 PM
There it is. Seems like twexit is actually dead now-- no page is working anymore.
twexit.nl
archive.is/LJnFd
(For clarity's sake-- I am not the one that put the image on the website. That seems to have been the action of the actual admin of the site.)
twexit.nl
archive.is/LJnFd
(For clarity's sake-- I am not the one that put the image on the website. That seems to have been the action of the actual admin of the site.)
December 22, 2023 at 1:29 PM
Alright, looking into it more it seems the sql injection bug I found isn't actually exploitable in terms of getting database contents, just calling some functions. Could be wrong, though.
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
December 22, 2023 at 12:16 PM
Alright, looking into it more it seems the sql injection bug I found isn't actually exploitable in terms of getting database contents, just calling some functions. Could be wrong, though.
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
database() like 'admin_twexit'
(this bug is very annoying to exploit)
(this bug is very annoying to exploit)
December 22, 2023 at 11:00 AM
database() like 'admin_twexit'
(this bug is very annoying to exploit)
(this bug is very annoying to exploit)
that was fast (:
December 22, 2023 at 4:27 AM
that was fast (:
Just pushed an update to the payload that will hopefully sign everyone out from twexit that views an affected user/clicks the link. I have no confidence that twexit will actually invalidate the PHPSESSID but hopefully the redirect will get people to revoke their app passwords.
December 21, 2023 at 3:15 AM
Just pushed an update to the payload that will hopefully sign everyone out from twexit that views an affected user/clicks the link. I have no confidence that twexit will actually invalidate the PHPSESSID but hopefully the redirect will get people to revoke their app passwords.