now to try and break it again
It doesn’t let you run the function, but you can still just run something like this:
subprocess.check_output([os.environ["REPLIT_CLI"], "identity", "create", "-audience=843f513d-232b-4407-8863-3f4504cefee7"]).decode('utf-8').strip() and it will output the identity key
ayo what lol XD, nvm then. How come?
oh wait, I just realized, does it mean that they’ve made it so you can’t run functions from the code? I guess that’s a step forward, but most definitely still broken to the absolute max
yeah, they just made it so you can’t run functions, but that doesn’t stop you from just generating the token “manually”
I do like what they’ve done, though. Now they need to make variables inaccessible as well, since if you store your token in a variable, I can stop your code and just print out that variable to get your token.
The only way around that would be to never store the token in a variable and always call your function to generate a new token when using it.
Ayo, check again, I just ran some code and it’s not working?
I can still generate someone’s token
oh how? really? I cannot XD
I go brrrrrrrrrrrrrrrhkjkj
yes, but what is the vulnerability you found?
no can do buckaroo brrrrrrrrrr
ok, please, really, I need to report it and fix it…
I’m the bug hunter man, not you >:(
ok, ok, ok, please I need to fix
I’ve already reported it :dance:, and it’s being looked into right now.
ayo please, please can you just tell me what it is? Willing to pay for information, ok, 100 cycles?
bro, it’s so simple and uncomplicated I discovered it by accident while messing around with one of @OverdriveReplit’s repls.
ok but can you tell me? I will pay you 100 cycles
I’ll show you it but won’t tell you how to do it.