|
tribute.work | Looking for admin/mod
by bfwall - Monday February 10, 2025 at 11:08 PM
|
|
Hi, I created tribute.work out of boredom and need help preserving the forum's legacy. :mouse:
We need to: * Add more retired members to gallery * Get more domains ( rip.bf / farewell.bf ) * Take feedback and Improve or whatever
Feb 11, 2025, 01:10 AM
(This post was last modified: Feb 11, 2025, 01:11 AM by nofucksg1ven.)
most disliked : kilob and puppy, thanks
"Preserving The Legacy." is crazy tho
Feb 11, 2025, 03:49 AM
i really like the fact you're leaking users ip addresses in the comments api
 https://sadsyqmvkgzetphptuol.supabase.co...406b94342a [{"id":"6a51e45a-562a-4681-9193-8c4bcab20202","member_id":"10521227-d84a-44a7-b9f0-9b406b94342a","content":"Time wasting faggot","user_ip":"162.83.154.79","created_at":"2025-02-10T23:35:22.426555+00:00","likes":[{"count": 0}]}] Selling private web3/crypto vulnerabilities and data.
dm for simplex.
(Feb 11, 2025, 03:49 AM)ggoodman Wrote: i really like the fact you're leaking users ip addresses in the comments api Talk is cheap.. Send patches. (Feb 11, 2025, 01:10 AM)nofucksg1ven Wrote: most disliked : kilob and puppy, thanks I can give you admin access add kilob and puppy memorials
Mar 15, 2025, 10:20 AM
(This post was last modified: Mar 15, 2025, 10:32 AM by breacher222.)
(Feb 11, 2025, 03:49 AM)xz9 Wrote: i really like the fact you're leaking users ip addresses in the comments api LOL get pwned noooooooob I posted "How can u make this website so insecure and put it on BF wow . this comment just hacked you" then I learned /rest/v1/comment_likes?select=* SELECT is whats used to displayed rows of data. You can select ALL data (not in a dict/list) by simply writing *. If its inside a list then you must first specificy the list name then add *. The original request looked like this: /rest/v1/comment_likes?select=comment_id&user_ip=eq.91.171.219.43 Also the operator EQ can be changed to things like GT (greater than) LT (Less than) This is all product of usually a GRAPHQL backend. With enough looking you could possibly find his Graphql playground exposed. The Authorization Header is useless and doesnt make a diference. Im done looking but yea this is basically a HoneyPOT for any FED that doesnt even own the site since they can look at everyones IPs. You should not have that displayed at the VERY LEAST
@DWCMethods
TOX: 131A2C43494DCCFEEEBD65D729B9B4BF2E7C1AA2270B64B508998192E2C5DD0D0EC86C8D0F60 Escrow accepted - Verified Threads and Sales
Mar 15, 2025, 10:34 AM
(Mar 15, 2025, 10:20 AM)breacher222 Wrote:(Feb 11, 2025, 03:49 AM)xz9 Wrote: i really like the fact you're leaking users ip addresses in the comments api supabase apis are retarded lmao literally no authorization is needed Selling private web3/crypto vulnerabilities and data.
dm for simplex.
|
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| A collection of deepweb sites [2025] | 104 | 2,487 |
37 minutes ago Last Post: idkwhateve9872 |
||
| Looking for experienced hacker | 0 | 53 |
4 hours ago Last Post: 99992 |
||
| I'M LOOKING FOR AN INTELX API | 1 | 283 |
Apr 27, 2026, 05:16 PM Last Post: orkidd |
||
| Telegram Opsec Guide | 46 | 1,664 |
Apr 26, 2026, 12:43 PM Last Post: 0xdarkdharma |
||
| TOP SECRET FBI HACK BY KOMI | 30 | 1,441 |
Apr 25, 2026, 02:59 PM Last Post: insider100 |
||
![[Image: cat.png]](https://i.ibb.co/3MbMHQ5/cat.png)
