16
Anyone Can Push Updates to the DOGE.gov Website
(www.404media.co)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 14 Feb 2025
16 points (100.0% liked)
Not The Onion
16048 readers
1034 users here now
Welcome
We're not The Onion! Not affiliated with them in any way! Not operated by them in any way! All the news here is real!
The Rules
Posts must be:
- Links to news stories from...
- ...credible sources, with...
- ...their original headlines, that...
- ...would make people who see the headline think, “That has got to be a story from The Onion, America’s Finest News Source.”
Please also avoid duplicates.
Comments and post content must abide by the server rules for Lemmy.world and generally abstain from trollish, bigoted, or otherwise disruptive behavior that makes this community less fun for everyone.
And that’s basically it!
founded 2 years ago
MODERATORS
Yes. But how?
Here's an archived version of the article to get past the paywall. The hackers went to the network tab of their browser's developer console and noticed that the API calls to write to the database weren't password protected.
Compared with an SQL injection, how sophisticated is this method?
If SQL injection is picking a lock, this is entering through an unlocked door.
Not sophisticated at all, authentication on API routes is way earlier on the security checklist than SQL query sanitisation. This site is amateur work.
Much much simpler, with a SQL injection at least you have to bypass the filters set, this is just submitting the changes through an API and the DB just eats it up.
Not to worry, they don’t use SQL