← Back to context

Comment by rsynnott

8 days ago

> The database it is pulling from can be and has been written to by third parties, and will show up on the live website.

Not enough detail to say for sure; could be SQL injection, could be credentials exposed in the frontend.

3 comments

rsynnott

Reply
seba_dos1  8 days ago

...or endpoints not requiring any credentials at all.

  • rsynnott  8 days ago

    … Oh, yes. After reading more carefully I see it, er, IS that. Where the hell did Musk find these people? 1996?

    • CharlesChadwick  8 days ago

      I'm not too sure about this theory; just went on the DOGE site and the API endpoints don't allow for POST requests, and I can't find anything that allows me to upload