cross-posted from: https://lemmy.ml/post/1895271

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

  • Aer@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    Some information I have posted to Lemmy.World:

    I am not a super code-literate person so bare with me on this… But. Still please becareful. There appears to be a vulnerability.

    Users are posting images like the following:

    https://imgur.com/a/RS4iAeI

    And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.

    Among other things. At this time if you see an image please click the icon circled before clicking the link. DO NOT CLICK THE IMAGE. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.

    I have seen multiple posts by these people during the attack. It is most certainly related to JS.

    • Hairypooper@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Wtf how is this even possible? Are the Lemmy devs smoking crack? If you’re going to run a reddit alternative, it may be wise to sanitize the fuck out of everything posted on there.

    • TheFrirish@jlai.lu
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      lmao I’m so stupid I pressed on that image and now my account is compromised. oh well it forced to create another and this is my first hack yayyyyy!

      • Fal@yiffit.net
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        There’s so many things wrong with this I don’t even know where to start