Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The database it is pulling from can be and has been written to by third parties, and will show up on the live website.

Not enough detail to say for sure; could be SQL injection, could be credentials exposed in the frontend.



...or endpoints not requiring any credentials at all.


… Oh, yes. After reading more carefully I see it, er, IS that. Where the hell did Musk find these people? 1996?


I'm not too sure about this theory; just went on the DOGE site and the API endpoints don't allow for POST requests, and I can't find anything that allows me to upload




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: