Cute.
7 months ago
1
0
1
0
Posts by Aries
Happy New Year - here's what happened with Flirtual in 2024! 🎊
1 year ago
4
3
0
0
Almost every other week I find a new platform with severe issues. Most however encourage responsible disclosure, unlike Avatown.
It's horrifyingly common.
1 year ago
2
0
0
0
I'm pretty sure they pulled the site after my post (also posted to Twitter) and others began exploring the vulnerabilities.
1 year ago
2
0
0
0
It's a platform's responsibility to ensure the safety and security of its users' information. Don't make the same mistakes as Avatown.
1 year ago
0
0
0
0
This is just the tip of the iceberg—these issues were discovered within only 20 minutes of visiting the site.
If a malicious actor stumbled upon this, or if I had spent more time investigating, I'm confident I would uncover an entirely new trove of vulnerabilities.
1 year ago
0
0
1
0
JSON payload
Avatown has a approval process in-place for new products, which is perfect for preventing spam & malicious listings.
But, you can just update your own product's `isApprovedByAdmin` field to true, bypassing this protection entirely.
1 year ago
0
0
1
0
Advertisement
Buying any product for free
Did you know everything on Avatown is free?
When creating an order, your client sends a request to /api/v1/order/makeStripePayment, which would be fine, except for the fact that you provide which product you want & the price of it.
Server-side validation, what's that?
1 year ago
2
0
1
0
XSS injection, arbitrary code execution.
An issue I test for quite often on platforms, and a fairly severe one at that. This vulnerability lets you redirect visitors, steal credentials & personal information.
Spicy.
1 year ago
0
0
1
0
The culprit: goavatown.com
After reaching out and providing a responsible disclosure, they chose not to address the issues. Instead, they decided to remove me from their platform and community.
So, logically, a public disclosure is next.
1 year ago
2
1
1
0
Too often, platforms neglect security & safety. These must be priorities.
Today, Avatown launched with major flaws—XSS, injection risks, and more.
Let’s dive in 🧵
1 year ago
2
0
2
0
I love cheesecake, can I have some?
1 year ago
0
0
0
0
Recently I opened the last PR needed to make my godot theme complete. It addresses the issue of missing backgrounds in sidebars. After this it will only need smaller improvements
github.com/godotengine/...
Thanks for using my theme ❤️
1 year ago
316
22
8
1
xrd?
1 year ago
0
0
1
0
Advertisement
Cloudflare Workflows is now in open beta! Workflows allows you to build reliable, repeatable, long-lived multi-step applications that can automatically retry, persist state, and scale out. blog.cloudflare.com/building-wor...
1 year ago
41
9
1
6
so real.
1 year ago
1
0
0
0
Walk faster bozo. 🙄
1 year ago
0
0
0
0
Mexican Pizza
I have leftover pizza, but it was spicier than I could handle.
1 year ago
0
0
0
0
where's the stream
1 year ago
0
0
1
0
I'm so hungry 🥺
1 year ago
1
0
1
0
mmmm share?
1 year ago
1
0
1
0
Our #Spookality2024 winners are finally here!
Read our blog post to learn more:
hello.vrchat.com/blog/spookal...
1 year ago
107
19
2
11
i think its soo important to get the sky right if you want a place in vr to feel real. Stars especially just feel off most of the time, usually because they're way too bright or uniformly spaced out.
for most of my worlds I like to use star maps from NASA: svs.gsfc.nasa.gov/4851/
#MadeForVRChat
1 year ago
67
12
3
0
Advertisement
this thread is a wonderfully terse description of atproto
1 year ago
104
17
1
1
did u guys know theres a labeller for pronouns? if you sub to it youll see the pronouns of folks using it beneath their username on their posts! its pretty cool and very easy to set up @pronouns.adorable.mom
1 year ago
1115
964
46
63
it does not 🥲
1 year ago
0
0
0
0
testing posts with external media links... do they embed...?
files.aries.fyi/2024/10/19/e...
1 year ago
0
0
1
0
@duinrahaic.app is my favourite bunny, no contest.
1 year ago
1
0
0
0
I still find myself scrolling X, missing a lot of the "Tech Twitter" content here.
1 year ago
1
0
1
0