• tarjeezy@lemmy.ca
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    Last I saw, they were on 0.18.1, unless a very recent update was installed. Do you happen to have a full list of domains they were redirecting to? Just want to be sure they were only going to “harmless” offensive sites, and not something worse.

    • Max-P@lemmy.max-p.me
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      Only lemonparty (which then redirects to chaturbate) and the pedo image hosted in the pictrs of lemmy.world itself. I saw no evidence of anything else, as people said, it’s a pretty oldschool type of hack to disturb not spread malware.

      But I didn’t dig that much further than that, and it’s only a snapshot of what I gathered before it got fixed. I Ctrl+F “lemonparty” in view source and pasted the JSON in VScode and that’s about it. Didn’t dig much deeper if that was just a red herring.

    • Max-P@lemmy.max-p.me
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      As for the version, my instance reports it as

      0.18.1-2-ga6cc12afe
      

      So it seems to be using some extra patches, but I can’t find that commit on GitHub which indicates it might not be public, or cherry-picked locally.

      So with this in mind, either it’s just innocent performance patches, or someone potentially also introduced the markdown vulnerability.

      Although it’s also entirely possible I suck and wasn’t able to reproduce it correctly/had wrong quoting or something. Hopefully the devs can shine some light in the details.