#1 skybucks millionaire
@richardwrites672.bsky.social
adrianus websites try not to have every vulnerability type challenge
adrianus count: 4 xss (technically 5 if you count the firstpost xss), 10 sqli
non-adrianus count: 15 xss, 6 sqli, 1 hamburger, 5 auth bypass, 10+ "chatDisabled":true
https://6v.pages.dev
adrianus count: 4 xss (technically 5 if you count the firstpost xss), 10 sqli
non-adrianus count: 15 xss, 6 sqli, 1 hamburger, 5 auth bypass, 10+ "chatDisabled":true
https://6v.pages.dev
Here's a screenshot of BitView's admin panel.
March 9, 2024 at 9:05 PM
Here's a screenshot of BitView's admin panel.
I now control every skyname handle :)
(Well, every skyname handle that has appeared in plc.directory/export )
(Well, every skyname handle that has appeared in plc.directory/export )
January 14, 2024 at 8:31 PM
I now control every skyname handle :)
(Well, every skyname handle that has appeared in plc.directory/export )
(Well, every skyname handle that has appeared in plc.directory/export )
By the way, this isn't just twexit and mastochist. Every single website that Adrianus has ever made is vulnerable to SQLi.
December 26, 2023 at 7:25 AM
By the way, this isn't just twexit and mastochist. Every single website that Adrianus has ever made is vulnerable to SQLi.
It is an adrianus project, yes. The domains (mastochist.com and mastochist.nl ) don't resolve but you can still access it by setting an /etc/hosts entry with the IP of the twexit server.
December 26, 2023 at 6:02 AM
It is an adrianus project, yes. The domains (mastochist.com and mastochist.nl ) don't resolve but you can still access it by setting an /etc/hosts entry with the IP of the twexit server.
Alright, looking into it more it seems the sql injection bug I found isn't actually exploitable in terms of getting database contents, just calling some functions. Could be wrong, though.
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
December 22, 2023 at 12:16 PM
Alright, looking into it more it seems the sql injection bug I found isn't actually exploitable in terms of getting database contents, just calling some functions. Could be wrong, though.
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
If anyone else wants to give it a try:
POST twexit.nl/js_output_te...
w/ data first=0(sql here)
