[–] ▶ №12590929[Last 50 Posts][1][2][Quote] [Voice Chat]>>12590947>>12590995>>12591142>>12591674
https://wplace.live/Randomly signed into a literal who's account while registering through a Twitch account (I used
https://www.emailnator.com if that matters). Not sure what even happened. In the last image, the backend of the site (when you click the "Login with Twitch/Google") randomly displayed a random user's account info and email. This might amount to nothing but I seriously think this vibe-coded website (Servers down often, so many glitches and errors, probably coded by ChatGPT) can be datamined and raped violently (the site is also 90% annoying troons anyway). I have yet to see this experience anywhere else here, and the site went offline and I got logged out so I can't verify any screenshots, sorry.
▶ №12590942[Quote]
thankfully we can still check the code, even when the website is down..
▶ №12590947[Quote]
>>12590929 (OP)context this happened a few hours ago
▶ №12590950[Quote]
GO UP
▶ №12590951[Quote]
with this website being such a useless nigger and somehow being down more often than the sharty i wonder how it even got popular in the first place
▶ №12590954[Quote]>>12591831
imagine getting your credit card info leaked by a bald man with glasses website
▶ №12590962[Quote]
holy fucking shit the code is a mess.
▶ №12590975[Quote]
i'm thinking that we may be able to break into any account through sql injection, but i need some testing.
▶ №12590985[Quote]
you do your thing /tech/ GOD, i believe in you
▶ №12590995[Quote]>>12591035
>>12590929 (OP)why is the site down, does anyone know?
▶ №12591029[Quote]
>>>12590975
this nigger is so dumb he wrote each fucking language directly into the code instead of using a locale file
▶ №12591035[Quote]>>12591044
>>12590995to fix this error where you could log into a random's account
▶ №12591062[Quote]
it's kinda hard when the site is down. Functions have scrambled names of letters and nonsense. Normally i'd just check the network to see what function handles the login shit. But that's down.
▶ №12591083[Quote]
>>12591044From my experience, that site is running worse than that time when the great cuckset happened and 'arty got a raisin ton of rapefugees
▶ №12591099[Quote]
bump, lets try doxxing the owner also
▶ №12591118[Quote]
hack this shit website o algo
▶ №12591124[Quote]>>12591165
>user session.
Is it possible that these actual baboons are storing user credentials into the session storage without a key?
▶ №12591136[Quote]
we're gonna have to wait for it to come back. Unless someone with more patience than me wants to comb through this nigger of a front end.
▶ №12591142[Quote]
>>12590929 (OP)alao yes it can, why dont we try finding famous people we can dox with this or something
▶ №12591154[Quote]
>>12591094>the only personal information Wplace stores is your email address.Geg they're lying.
▶ №12591165[Quote]>>12591188>>12591205>>12591216
>>12591124The devs are brapzilian, so yes
▶ №12591188[Quote]>>12591256
>>12591165so that's why brapzilian flags are everywhere?
▶ №12591205[Quote]>>12591256
>>12591165we'l check when it comes back.
▶ №12591216[Quote]>>12591243>>12591256
>>12591165is it even worth doxxing them
▶ №12591241[Quote]>>12591255
>>12591030Wow another codeGOD let me check this raisin as well
▶ №12591243[Quote]>>12591263
>>12591216maybe, because then we can write their 'ox on the canvas
▶ №12591255[Quote]
>>12591241go ahead. It's a complete mess.
▶ №12591258[Quote]>>12591264
IT'S ONLINE!!!
▶ №12591263[Quote]
>>12591243k, i cant do much raisin because my tools havent arrived yet but theyll be here soon
▶ №12591265[Quote]>>12591274
Omfg from the js file names I already know this is react
▶ №12591281[Quote]>>12591316
Yes it is react… Then the code is niggerhell
▶ №12591307[Quote]>>12591352
>>12591256which ones for this month or week
▶ №12591316[Quote]>>12591341
>>12591281It's what i mean, we have to wait until it comes back so hopefully some testing with the network can give some clarity as to what functions we can exploit.
▶ №12591319[Quote]
Hello Brave? Why can't I send images from this?
▶ №12591329[Quote]
Let me switch…
▶ №12591352[Quote]
>>12591307we'll have to wait until the site is back online
<nigger spacingalso, there are a fuckton of underaged troons advertising home-brew troonshine in this shithole
▶ №12591359[Quote]
>>12591341Hold on… Most of the js is fucking dupe GEEEEEEEEEEEEEEEEG just shut it down
▶ №12591371[Quote]>>12591396
W place is so fucking garbage I literally cannot log into the site right now
▶ №12591372[Quote]
i used this website with my main account
▶ №12591375[Quote]
Worst webshit award
▶ №12591385[Quote]>>12591391>>12591395
Like I literally cannot sign what the fuck is this website it keeps saying bad getaway
▶ №12591391[Quote]>>12591406
>>12591385(((they))) shut it down
▶ №12591395[Quote]>>12591406
>>12591385It's still offline
▶ №12591396[Quote]>>12591403>>12591406
>>12591371the devs shut it down to fix some data breaches, adhdGOD
▶ №12591403[Quote]>>12591411>>12591418>>12591445
>>12591396so we wont be able to abuse what OP mentioned? or something
▶ №12591406[Quote]>>12591454
>>12591391>>12591395>>12591396May allah curse the herpes infested tranny hands that coded this website
▶ №12591411[Quote]
>>12591403it will be shit even after fix
▶ №12591413[Quote]
Make S0I1337 proud chuddies
▶ №12591418[Quote]>>12591426>>12591429
>>12591403something tells me it's not the only exploitable shit we can find.
▶ №12591426[Quote]
>>12591418Same I'm sure we can find way more thing to exploit
▶ №12591428[Quote]>>12591436
I wanna find out if i can do some sql injection when it comes back, but i'm doubtful if they're that dumb.
▶ №12591429[Quote]
>>12591418hopefully we find more or something.
▶ №12591431[Quote]
Send people's information if you need a dox guys
▶ №12591436[Quote]>>12591444
>>12591428Let me check the api from js
▶ №12591444[Quote]>>12591455
>>12591436react doesn't offer sql injection btw. They had to add it manually from the server side. That is if they have protection.
▶ №12591445[Quote]
>>12591403we wil, they're amateurs
▶ №12591451[Quote]
Argentina aryans won
brazil faggots lost
▶ №12591454[Quote]
>>12591406shitskin brapzilian chatgpt datamining 'code'
▶ №12591455[Quote]
>>12591444Yes I know but somehow this raisin have to reach the server
▶ №12591461[Quote]>>12591467>>12591480
do i get to say i assisted in this
▶ №12591467[Quote]
>>12591461Having people here is a huge moral boost so yes
▶ №12591477[Quote]
rape the transgenders
▶ №12591480[Quote]>>12591495
>>12591461with the doxings, can't do the hacking raisin for now
▶ №12591491[Quote]>>12591520
The fuck is svelte I never use these shitty web frameworks
▶ №12591495[Quote]
>>12591480Fuck there were doxxing and I wasn't here?
▶ №12591506[Quote]>>12591526
some accounts have discord IDs attached to them btw don't know if that matters
▶ №12591520[Quote]>>12591555
>>12591491it's niggerjeet tech. Buzzfeed uses it if that matters. fuggen jardee
▶ №12591526[Quote]>>12591606
>>12591506you can run them trough some breach websites.
▶ №12591527[Quote]
>>12591512we're gonna get wiped out in one second
▶ №12591555[Quote]
>>12591520Yes I see that its niggerjeet tech most of the code is dead code, completely unused.
▶ №12591563[Quote]
Where is the worker loader…
▶ №12591572[Quote]
>>12591544>Russian government is a 'cordMarge…
▶ №12591580[Quote]>>12591594
Its seems this raisin is back
▶ №12591600[Quote]>>12591623
>>12591594its working for me
▶ №12591607[Quote]
Most of the dupe js file is gone
▶ №12591623[Quote]>>12591631
>>12591600nope bad gateway
▶ №12591633[Quote]>>12591677
chunks/B_ghyyfR.js seems to be the api
▶ №12591674[Quote]
>>12590929 (OP)1llegality.pagesdev
Jul 2023
Email: raresemailforstuff@gmail.com
Birthdate: [Redacted]
from the one faggot in 3rd pic
▶ №12591677[Quote]>>12591708
>>12591633>chunks/B_ghyyfR.jsi founnd the paint method. line 841
▶ №12591690[Quote]
SAYING THIS IN ADVANCE, 'CHIVE EVERYTHING AND THIS THREAD
▶ №12591708[Quote]>>12591724
>>125916771077, purchase method. Check it out nigga.
▶ №12591720[Quote]>>12591721>>12591725
just got in this thread can someone give me a rundown of whats happening?
▶ №12591721[Quote]>>12591733
>>12591720site possibly has like 50 backdoors or something
▶ №12591724[Quote]>>12591738
>>12591708There's no lines for me the entire thing is 2 line and auto formatted by the browser
▶ №12591725[Quote]>>12591736
>>12591720the site is written in jeetcode. We're trying to break it. We have to wait until the site comes back up doe.
▶ №12591733[Quote]
>>12591721>troon site has troon coding who could have fucking guessed i am so fucking thankful i havent signed up for that shit and always went there with a VPN
▶ №12591736[Quote]
>>12591725I still have some request logged
▶ №12591749[Quote]>>12591754
i've found some very juicy shit. From joining alliances to making people admin on them.
▶ №12591753[Quote]
>>12591738Yea I saw this but for the payment methods its mainly just get info and create payment request nothing interesting.
▶ №12591760[Quote]>>12591776>>12591791
>>12591754async giveAllianceAdmin(e) {
const a = await this.request(
'/alliance/give-admin',
{
body: JSON.stringify({
promotedUserId: e
}),
method: 'POST',
credentials: 'include'
}
);
▶ №12591764[Quote]>>12591778
so is this more like a 4chan hack where you guys are taking over the site or a tea app thing where the data isnt stored properly
▶ №12591766[Quote]>>12591791>>12591901
async purchase(e) {
const a = await this.request(
'/purchase',
{
method: 'POST',
credentials: 'include',
body: JSON.stringify({
product: e
})
}
);
if (a.status ! 200) throw a.status = 404 ? new Error(Ie()) : a.status = 403 ? new Error(Oe()) : a.status = 409 ? new Error(Ne()) : new Error(o())
}
▶ №12591776[Quote]>>12591795
>>12591760do they have server side input validation… hmmm….
▶ №12591778[Quote]>>12591790
>>12591764seems like a tea app thing but the site seems shit enough that maybe both could be possible
▶ №12591782[Quote]>>12591794>>12591795
async paint(e, a) {
const t = ga(e, r => `t=(${ r.tile[0] },${ r.tile[1] }),s=${ r.season }`),
c = (
await Promise.all(
Object.values(t).map(
r => {
const [i,
_] = r[0].tile,
L = r[0].season,
F = {
colors: r.map(N => N.colorIdx),
coords: r.flatMap(N => N.pixel),
t: a
};
return this.request(
`/s${ L }/pixel/${ i }/${ _ }`,
{
method: 'POST',
body: JSON.stringify(F),
credentials: 'include'
}
)
}
)
)
).filter(r => r.status !== 200);
if (c.length) {
const r = c[0];
if (r.status === 401) throw new Error(Q());
if (r.status === 403) {
if (r.headers.get('cf-mitigated') === 'challenge') throw new Error(ca());
const i = await r.json();
throw (i null ? void 0 : i.error) = 'refresh' ? new Error(ma()) : (La.refresh(), new Error(ae()))
} else if (r.status === 451) {
const i = await c[0].json();
if ((i null ? void 0 : i.error) = 'multi-accounting') throw new Error(re());
if ((i null ? void 0 : i.error) = 'suspended') throw new Error(sa())
} else throw new Error(o())
}
}
▶ №12591794[Quote]>>12591801
>>12591782We can just call this in our own script however from what I heard this shit throws cf captcha at you every 2 minute
▶ №12591795[Quote]>>12591800
>>12591776maybe, we'l check when the site comes back on. For now the paint function here
>>12591782is the most interesting shit i've found i think. We could make a drawbot with this.
▶ №12591800[Quote]
>>12591795coderGODS do this
▶ №12591801[Quote]>>12591804>>12591816
>>12591794We going to have problems with the captcha
▶ №12591804[Quote]>>12591822
>>12591801theres things thatll solve it for you aldoe you have to pay for that
▶ №12591809[Quote]
why are you diddy ahh bluds typing like supervillians 💀 💀 💀
▶ №12591816[Quote]>>12591837
>>12591801maybe, unless we skip the function and just send POSTs directly.
▶ №12591822[Quote]>>12591850
>>12591804cf captcha is not that good and I know raisin which solves it for you locally
▶ №12591831[Quote]
>>12590954Xheyre in shambles albeit
▶ №12591837[Quote]>>12591853>>12591873
>>12591816Question is do they validate it server side. When I made the rplace bot many got false bans which only lasted until reload. You got it every 3-4 minute and blocked you from placing things. Except for me because my bot was able to keep placing pixels
▶ №12591850[Quote]
>>12591822Turnstile is rather jank
▶ №12591853[Quote]>>12591863>>12591873
>>12591837how will we find this out without raising alarms?
▶ №12591863[Quote]>>12591870
>>12591853I don't think the dev is an obsessed nigger who constantly checks api calls
▶ №12591870[Quote]
>>12591863im asking in advance, i dont want us to mess this up
▶ №12591873[Quote]>>12591894
>>12591837we'l see when it comes back.
>>12591853it reaches a point where they'l have to rewrite the whole website if we dig in deep enough. Something like the purchase shit could be a fatal blow.
▶ №12591892[Quote]
The worker's code is a schizophrenic episode
▶ №12591893[Quote]
Someone link a working draw bot
▶ №12591894[Quote]>>12591901
>>12591873marge again on the purchase raisin? i'm retarded. lets also just do everything we can to make sure it never goes back up.
▶ №12591901[Quote]>>12591907>>12591939
>>12591894the website has a shop with real money. And it just so happens that i found this.
>>12591766 ▶ №12591907[Quote]>>12591926
>>12591901Maybe we can bruteforce out payment details with that 2 getter
▶ №12591915[Quote]
Depends on how long the ID is
▶ №12591916[Quote]
i never code whats the issue with it
▶ №12591926[Quote]
>>12591907geg, that would be very gemmy.
▶ №12591936[Quote]>>12591945
HOLY OBSESSED they transpiled something into WASM
▶ №12591939[Quote]
>>12591901assuming you get billing raisin, will it be released? you were most definitely right regarding how it could be a fatal blow to the owners of that raisin site and how it could possibly just go offline forever
▶ №12591962[Quote]>>12591968>>12591970
>>12591945I swear to god everyone who transpile shit to WASM should be publically executed im trans btw
▶ №12591968[Quote]
>>12591962Raped by nameroll award
▶ №12591985[Quote]>>12592004
WASM seems to be painting related
▶ №12592004[Quote]
>>12591985it doesn't even let me display the wasm on my shit.
▶ №12592028[Quote]>>12592064
>>12591994does this website store user phone numbers somewhere? this could be big.
▶ №12592062[Quote]
>>12592030janny please stop being a tranny and approve this.
▶ №12592064[Quote]>>12592089
>>12592028Btw I have the feeling this kike just transpiled that code to WASM few minutes ago because before it was down I saw more js file there instead one WASM
▶ №12592089[Quote]
>>12592064Which is a bit problematic I would've liked to read that code
▶ №12592130[Quote]>>12592151
i really do wonder what caused the wrong login bug.
▶ №12592157[Quote]
do you have something against the obsessed debugger check?
▶ №12592187[Quote]
FUCK YOU GOFILE useless piece of shit
▶ №12592188[Quote]>>12592201>>12592219
I'm reading their xitter account and it seems like the site was coded by just one person. Now I'm 100% sure you guys can rape it
▶ №12592201[Quote]
>>12592188captain gem come back geg
▶ №12592219[Quote]>>12592229>>12592236>>12592261>>12592270
>>12592188>it seems like the site was coded by just one personit's gonna be ages until this shit comes back up.
>>12592207thanks, i couldn't display the wasm on my machine. Also make it public,
▶ №12592236[Quote]
>>12592219WHAT THE FUCK GOFILE
▶ №12592238[Quote]
>>12592229i didnt get quads, but anyways what else has been found?
▶ №12592241[Quote]
okey hold on lemme upload it somewhere else
▶ №12592243[Quote]
im bored now
▶ №12592270[Quote]>>12592279
>>12592219WASM if you don't know is Web Assembly aka machine code
▶ №12592279[Quote]
>>12592270i know. I know a bit of assembly. Still sucks.
▶ №12592280[Quote]
>>12592268can't even tell what i'm supposed to be reading
▶ №12592282[Quote]>>12592290>>12592298
>>12592268WASM doesn't have strings… So strings and strings related calculations is done with math
▶ №12592290[Quote]
>>12592282Its the most retarded language in the entire fucking world
▶ №12592298[Quote]>>12592307>>12592324
>>12592282why do people willingly torture themselves?
▶ №12592324[Quote]>>12592326>>12592330>>12592352
>>12592298because writing unreadable garbage to fuel your own ego is heccin gender affirming and transcoded or however the tranny is unemployed.
▶ №12592330[Quote]>>12592355>>12592387
>>12592324Basically WASM is an obfuscator language this is what hcaptcha uses as well the ultimate level of autism
▶ №12592352[Quote]
>>12592324But yea its impossible to describe WASM better than this
▶ №12592355[Quote]>>12592391>>12592401
>>12592330yeah, trying to make sense of these 30000 lines of WASM is pointless. I'l wait until the site comes back to try another approach. I still want to try some sql injection. It's worth a try.
▶ №12592387[Quote]
>>12592330Makes and allocates 475628764238624876 different smaller buffer then fills it up with values which then bitshifts 3984732987 times which is then bitshifted into a different small buffer then loads it into the main buffer
▶ №12592391[Quote]>>12592402
>>12592355tsmt, also did anyone here 'chive the stuff here?
▶ №12592401[Quote]
>>12592355Yeah if we have to go through that thing we would sit here until the heat death of the universe
▶ №12592402[Quote]
>>12592391we should probably archive the rest of the code before it's all turned into fucking wasm.
