603 points scalewithlee | 1 comments
netsharc ◴[] No.43793903[source]
Reminds me of an anecdote about an e-commerce platform: someone coded a leaky webshop, so their workaround was to watch if the string "OutOfMemoryException" shows up in the logs, and then restart the app.

Another developer in the team decided they wanted to log what customers searched for, so if someone typed in "OutOfMemoryException" in the search bar...

replies(2): >>43793976 #>>43795364 #
PhilipRoman ◴[] No.43795364[source]
Careless analysis of free-form text logs is an underrated way to exploit systems. It's scary how much software blindly logs data without out of band escaping or sanitizing.
replies(1): >>43796073 #
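A defender's illustration of the point these two comments make, added here and not part of the thread: the anecdote's substring watcher beside a watcher that reads structured (JSON) records and decides only on fields the application sets itself, so a customer's search text can never match the crash condition. The log lines, field names and the `emit` helper are constructed for this example.

```python
import json

OOM = "OutOfMemoryException"

# Constructed sample lines. Line 0 is a genuine crash; line 1 is the anecdote's
# customer typing the same text into the search box. Only line 0 should restart.
TEXT_LOG = [
    "ERROR checkout failed: java.lang." + OOM + ": Java heap space",
    "INFO search user=anon query=" + OOM,
]

def emit(level, event, **fields):
    """Structured logging: the envelope is JSON, so user text stays inside its own field."""
    return json.dumps({"level": level, "event": event, **fields})

# The same two events, plus a search string shaped like a crash record; json.dumps
# escapes the newline and quotes, so it remains one record with event "search".
STRUCTURED_LOG = [
    emit("ERROR", "unhandled_exception", exception=OOM, msg="checkout failed"),
    emit("INFO", "search", user="anon", query=OOM),
    emit("INFO", "search", user="anon",
         query='x\n{"level": "ERROR", "event": "unhandled_exception", "exception": "' + OOM + '"}'),
]

def naive_restart_lines(lines):
    """The anecdote's watcher: any line containing the token restarts the app."""
    return [i for i, line in enumerate(lines) if OOM in line]

def structured_restart_lines(lines):
    """Decide only on application-set fields, never on user-controlled values."""
    hits = []
    for i, line in enumerate(lines):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a malformed line is not evidence of a crash; skip it
        if rec.get("event") == "unhandled_exception" and rec.get("exception") == OOM:
            hits.append(i)
    return hits

if __name__ == "__main__":
    print("naive on text log:", naive_restart_lines(TEXT_LOG))          # [0, 1]
    print("naive on json log:", naive_restart_lines(STRUCTURED_LOG))    # [0, 1, 2]
    print("structured:", structured_restart_lines(STRUCTURED_LOG))      # [0]
```

The naive watcher restarts the shop on every search for the token; the structured watcher fires once, for the real exception record.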
ycombinatrix ◴[] No.43796073[source]
Why would someone "sanitize" OutOfMemoryException out of their logs? That is a silly point to make.
replies(3): >>43796243 #>>43796381 #>>43802850 #
MortyWaves ◴[] No.43802850[source]
Absolutely incredible how dense HN can be and that no one has explained. Obviously that isn’t what they are saying, they are saying it’s profoundly stupid to have the server be controlled by a simple string search at all.