Message from @cathy

Discord ID: 193739086341603328

Deleted User
2016-06-18 14:45:48 UTC  

inb4 Dawn is another 12 year old like Zombii

dawn
2016-06-18 14:45:50 UTC  

I don't have a non work box I can use to hit it with

dawn
2016-06-18 14:45:52 UTC  

so I can't test it

dawn
2016-06-18 14:45:59 UTC  

You got me.

cathy
2016-06-18 14:46:03 UTC  

Sucks to be you

dawn
2016-06-18 14:46:22 UTC  

I mean try injecting another header into the URL

dawn
2016-06-18 14:46:27 UTC  

then look at the response

cathy
2016-06-18 14:47:26 UTC  

I don't see how that would do anything, it gives youtube-dl the link and asks for the stream url

dawn
2016-06-18 14:47:44 UTC  

Uh you can use it to hit internal resources/send requests to any site with any data you want

Deleted User
2016-06-18 14:47:48 UTC  

It's open source so they can see for themselves.

Deleted User
2016-06-18 14:48:04 UTC  

youtube-dl, I mean.

Deleted User
2016-06-18 14:48:10 UTC  

We're just using someone else's bot

dawn
2016-06-18 14:48:16 UTC  

Yeah but someone here is hosting it

dawn
2016-06-18 14:48:27 UTC  

all I'm saying is it's worth checking so they don't get abuse complaints for someone using their shit in a bad way

Deleted User
2016-06-18 14:48:33 UTC  

If it was that much of a problem to you then you'd fix it. :^)

cathy
2016-06-18 14:48:47 UTC  

So you want to request cp links in here with !play or what?

dawn
2016-06-18 14:48:56 UTC  

What the fuck

dawn
2016-06-18 14:49:08 UTC  

All I did was suggest that your bot might be vuln to a public CVE

Deleted User
2016-06-18 14:49:27 UTC  

!play autism

Deleted User
2016-06-18 14:49:32 UTC  

I was about to say.

cathy
2016-06-18 14:49:57 UTC  

All I did was suggest that all you can do is maybe send a random request

cathy
2016-06-18 14:50:11 UTC  

I don't know if ydl has any filters

dawn
2016-06-18 14:50:11 UTC  

... I already said I don't have a box I can tail -f logs for

cathy
2016-06-18 14:50:29 UTC  

And I don't particularly care about that

dawn
2016-06-18 14:50:43 UTC  

lol

Deleted User
2016-06-18 14:50:44 UTC  

Discord isn't going anywhere, try hitting it later

dawn
2016-06-18 14:50:57 UTC  

I don't have a box that isn't work related

Deleted User
2016-06-18 14:50:59 UTC  

itistimetostopposting.jpg

Deleted User
2016-06-18 14:51:13 UTC  

>poll is it time to stop posting;yes;no

Nadeko
2016-06-18 14:51:14 UTC  

📃**Comfy** from **/csg/** server has created a poll which requires your attention:

**is it time to stop posting**
`1.` **yes**
`2.` **no**

**Private Message me with the corresponding number of the answer.**

cathy
2016-06-18 14:51:21 UTC  

Mind elaborating what "hit it" means?

dawn
2016-06-18 14:51:35 UTC  

Make a request to my http server

dawn
2016-06-18 14:51:58 UTC  

Where I can see if it's actually working, it's HTTP header injection

dawn
2016-06-18 14:52:16 UTC  

It's an issue even if you just have private services running on your box

dawn
2016-06-18 14:52:20 UTC  

because smeone can use that to pivot to them

Deleted User
2016-06-18 14:52:42 UTC  

>pollend

Nadeko
2016-06-18 14:52:43 UTC  

📄 **Total votes cast**: 2
--------------**POLL CLOSED**--------------
📄 , here are the results:
`1.` **[yes]** has 1 votes.(50%)
`2.` **[no]** has 1 votes.(50%)

Deleted User
2016-06-18 14:52:45 UTC  

I thought Snowdenistas went out of fashion.

dawn
2016-06-18 14:52:48 UTC  

Like i'm only telling you because I like it here already. I'm not trying to make a big deal out of it

Deleted User
2016-06-18 14:53:00 UTC  

But you are.

Deleted User
2016-06-18 14:53:05 UTC  

>not making a big deal out of it