Author Topic: FurAffinity: Still Broken After All These Years!  (Read 846 times)

Conan

  • Postcount ate Whippany, NJ
  • Posts: 653
  • E-points: +36/-9
  • ¯\(°_o)/¯
FurAffinity: Still Broken After All These Years!
« on: March 21, 2014, 12:34:37 am »
Way, way back in late October of 2010, more than a month before FA would learn what happens when they ignore security concerns, Eevee published a list of exploits he had discovered on the site. All in all, there were about thirty exploits listed. Over time, a few of them would be fixed, usually when they became a problem.

Yesterday was March 20th, 2014. 1,236 days since Eevee's list was posted. In that amount of time, entire new art sites have been coded and brought online. FA, on the other hand, still has yet to fix at least one of the exploits, probably one of the most glaring and easy-to-fix ones on the list: using CSRF, you can still force a user to log out by hiding "http://www.furaffinity.net/logout/" in image tags, as it contains no security token.

Somehow, the thread about it on the FA Forums still exists, with the exploit present in the OP, perhaps as proof they have reached a whole new level of not caring.
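The missing check described in the post above, sketched as an added example (not part of the original post and not FurAffinity's code): a logout handler that ends the session on any request, beside one that accepts only a POST carrying the session's token. The session store, handler names and the `csrf_token` field name are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory session store: session id (from the cookie) -> session data.
SESSIONS = {}

def login(user):
    """Create a session that carries a random per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def logout_unsafe(method, sid, form):
    """The pattern the post describes: any request to the URL ends the session."""
    SESSIONS.pop(sid, None)
    return 200

def logout_checked(method, sid, form):
    """Logout as a state change: POST only, and the form must echo the token."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401
    if method != "POST":
        return 405  # an <img> tag can only issue GET
    sent = form.get("csrf_token", "")
    # Constant-time comparison against the token stored with the session.
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return 403
    del SESSIONS[sid]
    return 200

def simulate():
    """Replay constructed requests; each result is (status, session still alive)."""
    results = {}
    sid = login("alice")
    # Embedded image: the browser attaches the cookie, sends GET, no form data.
    results["img_vs_unsafe"] = (logout_unsafe("GET", sid, {}), sid in SESSIONS)
    sid = login("alice")
    results["img_vs_checked"] = (logout_checked("GET", sid, {}), sid in SESSIONS)
    # Cross-site form post: cookie attached, but the token has to be guessed.
    forged = {"csrf_token": "guess"}
    results["forged_post"] = (logout_checked("POST", sid, forged), sid in SESSIONS)
    # The site's own logout form includes the real token.
    real = {"csrf_token": SESSIONS[sid]["csrf"]}
    results["real_post"] = (logout_checked("POST", sid, real), sid in SESSIONS)
    return results

if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, outcome)
```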

chewy_lemon

  • Posts: 12
  • E-points: +1/-0
  • The Chewiest
Re: FurAffinity: Still Broken After All These Years!
« Reply #1 on: June 11, 2014, 01:47:10 am »
https://www.furaffinity.net/journal/5828127#cid:40631892

Apparently it still hasn't been fixed.

ColonThree

  • Posts: 133
  • E-points: +16/-3
  • Not a cat
Re: FurAffinity: Still Broken After All These Years!
« Reply #2 on: June 11, 2014, 09:27:54 am »
> https://www.furaffinity.net/journal/5828127#cid:40631892
>
> Apparently it still hasn't been fixed.

It doesn't compromise FA (other than its integritahahaha), therefore no one cares about it.
~Witty quote~