TotalFreedom Zero-Day Exploits

Fisholas

5 days ago Suspended

I have created this thread to discuss the lingering zero-day exploits in TotalFreedom's Flarum software and in their BungeeCord implementation that's being exploited by Akefu.

As you may know, I have some experience in the field of security and I have written up lengthy reports on the security vulnerabilities of this forum software in the past. My reports have allowed the software's improvement to take place, so I hope you all can take me seriously when I say that I've found a number of zero-day exploits in TotalFreedom's implementation of Flarum. I was able to successfully execute XSS code, retrieve proprietary information about the MySQL database, and run a query.

There are also a number of exploits being taken advantage of with the BungeeCord implementation, which more specifically is a fork known as Waterfall. The fork itself is stable enough, but a plugin (which I won't name here for security reasons) that has been foolishly installed on the proxy has exposed a gaping hole in its security, allowing for code to be executed through a web panel.

If anyone has more information, feel free to discuss the matter. TotalFreedom's security is at stake, and even though I have retired as a developer on the project, I'm still concerned for how far they've let the server roll down a cliff.


I hate dogs


We’re actively working on migrating off of Flarum, but for the time being, we are working on fixing these exploits. Flarum is an absolute piece of shit, and we want to get off of it as soon as possible. It’s known that Akefu has been exploiting to obtain information that otherwise would be unavailable. If you discover any exploitable features within TotalFreedom’s forum, please alert me, Ryan, or any other high-ranking developer, immediately. Publicizing the exploits will do nothing but give a gateway for serial trolls (cough cough, “Akefu”) to get unauthorized access to admin-only resources. As for the BungeeCord, we will (hopefully) implement it in a more effective and non-exploitable way.


HOLY FUCKING SHIT NIGGERCATTLE YOU WILL NEVER FUCKING PATCH MY FUCKING EXPLOITS BECAUSE NIGGERJEWS EVERY SINGLE EXPLOIT YOU FUCKING PATCH WILL BE LIKE CUTTING OFF THE FUCKING HYDRAS FUCKING HEAD BECAUSE TWO MORE EXPLOITS WILL BE FUCKING DISCOVERED AND DEPLOYED BY ME NIGGER FAGGOTS HOLY SHIT BALLS KEEP ON PLAYING FUCKING WHACK A MOLE WITH MY ALTS AND EXPLOITS FUCK


HOLY FUCKING SHIT BALLS IM DONE IVE HAD A FUCKING NOUGH YOU NIGGERCATTLE HAVE BEEN FREE RIDING FOR TOO FUCKING LONG AND NOW IM GOING TO CLOG ALL YOUR FUCKING THROTES WITH MY FUCKING SHIT RAIDS FOR THE NEXT 1000 FUCKING YEARS HOLY FUCK YOU NIGGERJEWS THOUGHT I WAS FUCKING JOKING WHEN I SAID I WOULD FUCKING RAID LIKE THERES NO FUCKING TOMORROW BUT GUESS WHAT I FUCKING WASNT NOW THE RAIDS WILL NEVER EVER FUCKING STOP NO MATTER WHAT ALL BECAUSE YOU STUPID IDIOTIC MORONIC FUCKING RETARDS DIDNT GROW A FUCKING BRAIN PULL THROUGH AND FUCKING FOLLOW MY FUCKING DEMANDS NOW I GET TO FUCKING SHIT IN YOUR FUCKING SHITTY YEE YEE ASS FUCKHOLE FORUM DAY AND FUCKING NIGHT NIGGERS YOU STUPID FUCKING FAGGOTS HAVE A NOTHER THING FUCKING PLUMBING HOLY SHIT NEXT ILL DOXX THE LIVING ABSOLUTE COCK DICK CUM FUCK OUT OF EVERY FAGGOT THAT SIGNED THE FUCK UP FOR A FUCKING ACCOUNT ON THIS PATHETIC YEE YEE ASS FORUM AND ILL FUCKING SEND OUT MASS FUCKING EMAIL SPAM AND SWAT EACH AND EVERY FUCKING ONE OF YOU RETARDED FAGGOT PATHETIC SORRY ASS FUCKING NIGGERCATTLE FUCKS AND NIGGERJEWS HOLY FUCKING SHIT BALLS BY THE FUCKING WAY COCKSUCKERS HERES SOME FUCKING NICE FUCKING IMAGES TO BRIGHTEN UP YOUR FUCKING DAY <img src='https://cdn012.bdsmlr.com/uploads/photos/2020/08/300034/bdsmlr-300034-LDT5Eg917h.jpg'> <img src='https://media.thisvid.com/contents/videos_screenshots/2045000/2045825/preview.mp4.jpg'> <img src='https://www.researchgate.net/profile/Alvaro_Ayala2/publication/330937997/figure/fig5/AS:723787200880641@1549575724408/Soles-one-week-after-the-first-application-of-dimeticone-Parasites-have-died-the.jpg'> <img src='http://www.bjwinslow.com/albums/corpseprop/mutilated_corpse_12_with_plastic_blood.jpg'> <img src='https://www.researchgate.net/profile/Hitesh-Chawla/publication/316274762/figure/download/fig2/AS:485149096845313@1492679966114/Showing-mutilation-of-face-with-antemortem-injuries-present-over-right-side-of-face-and.png'>

