From 3b28e1186e2c8f02e948c51dd9da866ae401a7cf Mon Sep 17 00:00:00 2001 From: Mya <121321688+myawired@users.noreply.github.com> Date: Sun, 3 May 2026 15:32:19 -0400 Subject: [PATCH] Revise README for clarity on vulnerability discovery Reformatted text for clarity and added a note about permissions. --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c734545..3372328 100644 --- a/README.md +++ b/README.md @@ -33,11 +33,13 @@ He is a 12 Year old vibe coder. Hes all talk and cant code :/ We discovered a vulnerability in his server that allowed us to extract the full server files and database. -Since he is hosted on **TabbyCluster**, we had to be careful. Per our Acceptable Use Policy (AUP), -we do not have direct access to customer servers or files. -Because of this, we had to approach it by identifying and using a vulnerability present in his specific setup. -I discovered a vulnerability in an outdated pkg running on his server. -Due to improper configuration, it allowed us to bypass authentication and pull his full server files and database. ( we only had read only perms /ᐠ ◞ ᆺ ◟マ ) +Since he is hosted on TabbyCluster, we had to be careful. Per our Acceptable Use Policy (AUP), we do not have direct access to customer servers or files. Because of this, we had to approach it by identifying and using a vulnerability present in his specific setup. + +I discovered a vulnerability in an outdated pkg running on his server. Due to improper configuration, it allowed us to bypass authentication and pull his full server files and database. + +> **Note:** We only had read-only permissions. /ᐠ ◞ ᆺ ◟マ + +--- --- ## Our Message