mirror of
https://github.com/myawired/2025-RecRoom-Server-E12354.git
synced 2026-07-17 16:11:15 +10:00
Revise README for clarity on vulnerability discovery
Reformatted text for clarity and added a note about permissions.
This commit is contained in:
@@ -33,11 +33,13 @@ He is a 12 Year old vibe coder. Hes all talk and cant code :/
|
|||||||
|
|
||||||
We discovered a vulnerability in his server that allowed us to extract the full server files and database.
|
We discovered a vulnerability in his server that allowed us to extract the full server files and database.
|
||||||
|
|
||||||
Since he is hosted on **TabbyCluster**, we had to be careful. Per our Acceptable Use Policy (AUP),
|
Since he is hosted on TabbyCluster, we had to be careful. Per our Acceptable Use Policy (AUP), we do not have direct access to customer servers or files. Because of this, we had to approach it by identifying and using a vulnerability present in his specific setup.
|
||||||
we do not have direct access to customer servers or files.
|
|
||||||
Because of this, we had to approach it by identifying and using a vulnerability present in his specific setup.
|
I discovered a vulnerability in an outdated pkg running on his server. Due to improper configuration, it allowed us to bypass authentication and pull his full server files and database.
|
||||||
I discovered a vulnerability in an outdated pkg running on his server.
|
|
||||||
Due to improper configuration, it allowed us to bypass authentication and pull his full server files and database. ( we only had read only perms /ᐠ ◞ ᆺ ◟マ )
|
> **Note:** We only had read-only permissions. /ᐠ ◞ ᆺ ◟マ
|
||||||
|
|
||||||
|
---
|
||||||
---
|
---
|
||||||
|
|
||||||
## Our Message
|
## Our Message
|
||||||
|
|||||||
Reference in New Issue
Block a user