[–] ▶ №14985245[Last 50 Posts][1][2][Quote] [Voice Chat]>>14986155>>14986453
+
=OVU.MOE RAID=+
YOU CAN JUST SPAM REPORTS AT
https://ovu.moe/api/reportThere is
no cloudflare,
no captcha, no nothing. You can use bots to automate posting on this site.
The same goes for
https://ovu.moe/login. (You could try and
bruteforce the admin passwords.)
There is
no ratelimiting or security measures of any kind.
>Marge? What is ovu.moe?It's a site for "people" to track the ovulation cycles of female Vtubers.
▶ №14985252[Quote]
You can also spam their "evidence" section (
https://ovu.moe/track) with false evidence or some other raisin
▶ №14985482[Quote]
okay but really this shit is freaky
▶ №14985488[Quote]>>14985493>>14985507
>>14985461Annoying Orange trooned out retard
▶ №14985493[Quote]
>>14985488nophono cares it's still geggy, stop mcwhining
▶ №14985507[Quote]
>>14985488seperate the fart from the autist or something
▶ №14985531[Quote]>>14985548>>14985557
https://ovu.moe/newyou can literally upload any sort of file on here including svg files
and you can also embed javascript into svg files with xml..
teens are you soying what im soying?
▶ №14985548[Quote]>>14985557
>>14985531also why the fuck is this site so pajeet coded geg
there is no css nor any ui
definetely vibecoded using jeetgpt or something
▶ №14985557[Quote]>>14985742>>14985797
>>14985531/hack/GODS get in here
>>14985548gooners are mentally handicapped geg
▶ №14985663[Quote]
DEPLOY BABY BOT ON THIS SITE NQVV
▶ №14985693[Quote]>>14985704
I've been stealthily adding links to nigger scat and prolapse porn and shit under random vtumors
▶ №14985712[Quote]
>>14985704so gooners click on it hoping to find ovulation info and then vomit at the sight GEG
▶ №14985734[Quote]>>14986076
If you go to
https://ovu.moe/api/idol/list it sends you the entire database. It also takes a second or so to do it, as opposed to sending reports which take around 500 ms. This means it is somewhat resource intensive. I'm currently sending quite a bit of requests their way. Not a single rate limit so far.
▶ №14985756[Quote]>>14985768
>>14985742Nice. What's the software called?
▶ №14985787[Quote]
Its based and Vocaloid pilled or something
▶ №14985797[Quote]>>14985800>>14985803
>>14985557I'M GOING TO TRY TO CREATE THE PAYLOAD IM NOT SURE IF THE SHARTY ALLOWS SVG FILES BUT HOPEFULLY IT WORKS
▶ №14985800[Quote]>>14985828
>>14985797good luck saar if it doesnt then send n catbo
▶ №14985802[Quote]
x award
▶ №14985803[Quote]
>>14985797by the time you get the admin's cookie it will be snca though
▶ №14985809[Quote]>>14985812
I can't add evidence or new vtumors. I think VPNs might be blocked but I'm not sure. I even made an account but that didn't help
▶ №14985816[Quote]
>>14985812You can still send reports though
▶ №14985828[Quote]
>>14985800i'm trying to add a frog laugh to it too but it doesn't fucking work
▶ №14985847[Quote]
>>14985779that was me geg
▶ №14985918[Quote]>>14986006
try inserting HTML tags in the vtuber descriptions or in the evidence
▶ №14986027[Quote]
>>14985812I think somephono snitched
▶ №14986039[Quote]
Saar why is this site so shit i can't do anything
▶ №14986076[Quote]
>>14985734I got rate-limited after trying to log into admin's account
▶ №14986115[Quote]
up
▶ №14986126[Quote]
up
▶ №14986155[Quote]
>>14985245 (OP)Cloudflare is present on the site though. The site is behind kikeflare
▶ №14986156[Quote]
vp
▶ №14986159[Quote]>>14986172
>>14986006probably some form of basic sanitization?
you could try looking into the script to see if img tags are blocked
try using iframes
▶ №14986172[Quote]>>14986178
>>14986159no, i cant add evidence or vtubers at all. I used to be able to do it but I got blocked, somephono snitched or it's because I spammed 1488 requests to login
▶ №14986173[Quote]
bump
▶ №14986178[Quote]
>>14986172well vpns are blocked so..
try using a vpn and a hardened browser like librewolf
▶ №14986200[Quote]>>14986354
if you search
https://ovu.moe/api/idol/search/', the server experiences a fatal internal error
▶ №14986292[Quote]
up
▶ №14986300[Quote]
up and oreos
▶ №14986314[Quote]>>14986320
btw if you add cobson to your favorites we can get him on the trending vtubers tab
▶ №14986331[Quote]>>14986342
>>14986320go to
https://ovu.moe/v/cobsonmake sure you're logged into an account
click "add to favorites"
▶ №14986342[Quote]>>14986383
>>14986331i got nished, do this for me
Nate:Higgers1488
▶ №14986354[Quote]>>14986363
>>14986200someone try and get SQL injection to work
▶ №14986356[Quote]
bump
▶ №14986363[Quote]
>>14986354It's not working, it just returns an empty json
▶ №14986370[Quote]
come on nusois this is an easy target you can do it
▶ №14986399[Quote]>>14986403
>>14986383but is he ovulating
▶ №14986403[Quote]
>>14986399that's a fifteen year old doctos
▶ №14986417[Quote]>>14986453
go up this is actually fucking disgusting nigger
▶ №14986418[Quote]>>14986423
Btw ovu.moe is being talk about in 'Farms if that matter.
▶ №14986458[Quote]
>>14986453btw this is a 'farms screenshot
▶ №14986471[Quote]>>14986512
can we gem this one up by adding evidence that just links to pictures of froot's 'jak or something
https://ovu.moe/v/froot▶ №14986477[Quote]>>14986479
>>14986462for xss to even work, you need it to render a text content as innerHTML (example document.innerHTML = "fuck niggers")
I don't really think it would be possible to perform xss even if this site is extremely shitty but then again any type of file is allowed for vtubers so we could upload svg files
▶ №14986479[Quote]
>>14986477vtuber uploading*
▶ №14986482[Quote]>>14986502
>>14986462there's not an httponly flag on der cookies. We need to try injecting script tags into report forms and grabbing the admin cookie
▶ №14986502[Quote]>>14986530>>14986559
>>14986482isn't there sanitization when it comes to user input?
good luck with that ig
▶ №14986512[Quote]>>14986549
>>14986471did a stealthy one
the link leads to this geg
▶ №14986549[Quote]>>14986582
>>14986512did you find a way to mask urls or something?
▶ №14986559[Quote]>>14986604
>>14986502Domain Name: ovu.moe
Registry Domain ID: REDACTED FOR PRIVACY
Registrar WHOIS Server:
https://porkbun.com/whoisRegistrar URL: www.porkbun.com
Updated Date: 2025-10-21T13:10:11Z
Creation Date: 2025-08-22T13:10:10Z
Registry Expiry Date: 2026-08-22T13:10:10Z
Registrar: Porkbun
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: +1.5038508351
Domain Status: clientDeleteProhibited
https://icann.org/epp#clientDeleteProhibitedDomain Status: clientTransferProhibited
https://icann.org/epp#clientTransferProhibitedRegistry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Private by Design, LLC
Registrant Street: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: NC
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID:
Admin Name:
Admin Organization:
Admin Street:
Admin Street:
Admin Street:
Admin City:
Admin State/Province:
Admin Postal Code:
Admin Country:
Admin Phone:
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: curitiba.ns.porkbun.com
Name Server: salvador.ns.porkbun.com
Name Server: fortaleza.ns.porkbun.com
Name Server: maceio.ns.porkbun.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form:
https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2026-01-27T04:47:47Z <<< ▶ №14986582[Quote]>>14986629
>>14986549on xitter you can replace the username in the URL with anything and it'll still link to the same post
so for example, I can replace
https://x.com/Coobsun/status/2016210707130315159with
https://x.com/LichVtuber/status/2016210707130315159and both will lead to the same post
▶ №14986584[Quote]>>14986625
>>14986558yes, thats the normal. I can't get anything but that and "[]" to return THOUGH
▶ №14986592[Quote]>>14986607
Can we dox vtubers instead
▶ №14986607[Quote]
>>14986592both should be done
▶ №14986621[Quote]
alright 'teens let the 'ox begin
▶ №14986625[Quote]
>>14986584My observations:
' > error
'' > error
''' > error
'''' > []
' > error
'; <SQL_statement>;– > error
<any_text_here>'; <SQL_statement>;– > [] ▶ №14986629[Quote]
>>14986582oh okay thanks for the explanation saar
▶ №14986661[Quote]
vp
▶ №14986679[Quote]
up
▶ №14986749[Quote]
Make Cobson fetile again or something
▶ №14986914[Quote]
looks like a neutralraid for now
▶ №14986916[Quote]
up
▶ №14986948[Quote]
last bump before it slides
▶ №14986951[Quote]
can't post screencaps for obvious reasons but someone uploaded DNB as a vtuber under like 20 different names
▶ №14986967[Quote]
nusois can't /hack/
▶ №14987090[Quote]>>14987265
>>14987023with just how much stealth shit I uploaded combined with how shit the site is I imagine the janny will still be finding hidden links to 'jaks and nigger scat + pages for fake vtubers for literal years to come (pretending that the site will still exist then, which it won't). it'll be like glitter or something geg
▶ №14987096[Quote]
>>14987089Wait falsenvke it's back up again
▶ №14987108[Quote]>>14987133
does someone have a script to spam it yet
▶ №14987115[Quote]
I'm scrolling through the site right now this is some vile shit
▶ №14987133[Quote]
>>14987108tutorial
>f12>network tab>click report or search or whatever>right click the request>copy as cURL>import into Insomnia>remove some of the unneeded http headers>edit the body to say what you want it to say>send request / send request on interval (lowest delay is 1 second)If you want to spam faster, you need to click add the request to a task list, set the iteration count, and there you can set the delay to 0ms.
▶ №14987265[Quote]>>14987329
>>14987090I don't want to dissapoint you but since we fastburned all your stealth gemmies can be reverted by looking at access log + timestamps
▶ №14987270[Quote]
disappoint*
▶ №14987329[Quote]
>>14987265that's okay, it was fun while it lasted anyway
xhey just took the site down for the next few hours because of our spam so I consider this a winraid
▶ №14987395[Quote]
Geeeeeg they shut it down
