
Looks like the website has been overwhelmed with spam and possibly hacked/exploited [1]. It looks like someone has been able to create directories & upload scripts [2]?

I do bug bounty in my spare time so this was an interesting live find.

[1] https://non.io/expoity

[2] https://html.non.io/upload-demo.html



Scripts are permitted in html uploads (all content is iframed and served from a separate domain), though I will go through and remove blank directories for now.

I’ll likely add checks for an index.html for any upload and turn off indexing in the future to prevent these.
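An added example, not part of the reply above and not the site's own code: a sketch of the two checks it mentions, flagging blank directories and directories that lack an `index.html` (the ones a server with directory indexing enabled would render as a file listing). It assumes uploads are stored as directories under a single root on disk; the function names and the sample tree are hypothetical.

```python
import os
import tempfile

INDEX_NAME = "index.html"

def audit_upload_root(root):
    """Return (empty_dirs, listable_dirs), paths relative to root.

    empty_dirs: directories with no regular file anywhere beneath them.
    listable_dirs: non-empty directories without their own index.html.
    """
    has_files = {}
    empty, listable = [], []
    # Bottom-up walk so each directory's children are classified first.
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        nonempty = bool(filenames) or any(
            has_files.get(os.path.join(dirpath, d), False) for d in dirnames
        )
        has_files[dirpath] = nonempty
        if dirpath == root:
            continue
        rel = os.path.relpath(dirpath, root)
        if not nonempty:
            empty.append(rel)
        elif INDEX_NAME not in filenames:
            listable.append(rel)
    return sorted(empty), sorted(listable)

def build_sample_tree(root):
    """Constructed sample uploads for the demo, not data from the site."""
    layout = {
        "good-site/index.html": "<h1>ok</h1>",
        "good-site/js/app.js": "console.log(1)",
        "scripts-only/payload.html": "<script></script>",
    }
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    os.makedirs(os.path.join(root, "blank-dir", "nested"))

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_upload_root(root)

if __name__ == "__main__":
    empty, listable = run_demo()
    print("empty:", empty)
    print("no index.html:", listable)
```

Subdirectories such as `good-site/js` are reported too, since a per-upload `index.html` check alone leaves nested folders listable unless indexing is turned off.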



