• MrAlternateTape@lemm.ee
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    3 months ago

    This remind me of my school. At the time they used some software to block sites. So I searched for the name of that software, and found an executable file with that name plus config.

    I executed it, and much to my surprise, I could now configure the filters for the whole school. I tested it by entering the URL of a game my classmates was playing at that moment. It was a very weird sensation to see his game getting closed by the software the moment I added it to the blacklist…

    So:

    • I and every other students had read and write acces to the directory where the software was installed.
    • The directory was indexed to make it easier for students to find.
    • There was no extra password or authorization.

    I showed a classmate. Told him to not show anybody else. A week later, he added the startpage to the blacklist. As a result, if you opened Internet Explorer, it would close immediately. Obviously, this caused admins to check out what was going on…

    It was fixed later, but it was fun while it lasted.

    • model_tar_gz@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      3 months ago

      You never ever share the exploit that you intend to leverage for personal gain. Sorry you had to learn that the hard way.

      I made thousands of dollars in World Of Warcraft with a couple of gold and xp exploits that let me build chars that were super leveled and loaded with gold and sell them. Never ripped anyone off, just exploited a game mechanic that I think was unintended. Saved some people some time in exchange for dolla.

      And no, I’m not fucking telling you what it is/was—I don’t think they’ve been patched; I just don’t have time to play or the need for that money anymore. Too busy and well paid with my real job :).