read bio @boots@computerfairi.es

@envgen maybe its cursed

@envgen maybe you got another

hm https://computerfairi.es/media/sdm82YPrqBs2avDMToM

@ghedipunk well, i dont know if it has anti-csrf, but...

@mdm honestly, oem router firmware is just
always bad
like, i dont know any oem firmware that isn't the worst

@mdm it is, 8080
remote management is not on by default, but the router settings imply it's fine if you have an admin password set

@ghedipunk well, not if you're outside the network, because youd have to be able to access it to do it

@bvtsang@icosahedron.website it is

@mdm noooope

OH MY GOD THERE'S AN UNAUTHENTICATED API TO SET THE *ADMIN PASSWORD*
I SENT A REQUEST TO IT TO SEE HOW IT WOULD BOUNCE BECAUSE I THOUGHT "oh hey they wouldnt do that i wonder how it errors" BUT NO

$.post("BelkinAPI/DBPasswordSet", {"RequestID":6969,'PassWd':"im gay"}, console.log, "json")

THIS JUST SETS THE PASSWORD

looking at router firmware
issue 1: there's an unauthenticated api that sends you the wifi passwords
issue 2: its remotely accessable
issue 3: but dont worry because it's censored client-side, but the server sends you the full password so
issue 4: the code that censors the password looks like this https://computerfairi.es/media/bNX09DZuQrxc6dynZTY

have you ever looked at a script and just like
nearly fell over because the amount of vitriol towards an api past you had https://computerfairi.es/media/_36BhrvoreXu9r1Sb4w

when you open a script to see if it works and every single comment made includes at least one swear or is in all caps

@garbados yeah that's it
i'm mostly just confused as to like
1. why is there a camera there
2. why are the rubber ducks there
3. no seriously why are the rubber ducks there

http://75.69.162.114:8080/video

http://simpsons.wikia.com/wiki/Sonic_the_Hedgehog

@inmysocks dolphin