ay! nice. now to try and break it again
It doesn’t let you run the function, but you can still just run something like this: subprocess.check_output([os.environ["REPLIT_CLI"], "identity", "create", "-audience=843f513d-232b-4407-8863-3f4504cefee7"]).decode('utf-8').strip()
and it will output the identity key
ayo what lol XD, nvm then. How come?
oh wait, I just realized, does it mean that they’ve made it so you can’t run functions from the code? I guess that’s a step forward, but most definitely still broken to the absolute max
yeah, they just made it so you can’t run functions, but that doesn’t stop you from just generating the token “manually”
I do like what they’ve done, though, now they need to make variables inaccessible as well, since if you store your token in a variable, I can stop your code and just print out that variable to get your token.
The only way around that would be to never store the token in a variable and always call your function to generate a new token when using it.
Ayo, check again, I just ran some code and it’s not working?
I can still generate someone’s token
oh how? really? I cannot XD
I go brrrrrrrrrrrrrrrhkjkj
yes, but what is the vulnerability you found?
no can do buckaroo brrrrrrrrrr
ok, please, really, I need to report it and fix it…
I’m the bug hunter man not you >:(
ok, ok, ok, please I need to fix
I’ve already reported it :dance:, and it’s being looked into right now.
ayo please, please can you just tell me what it is? willing to pay for information, ok 100 cycles?
bro, it’s so simple and uncomplicated I discovered it by accident while messing around with one of @OverdriveReplit’s repls.
ok but can you tell me? I will pay you 100 cycles
I’ll show you it but won’t tell you how to do it.