When I try to submit a post or comment containing the string [slash]etc[slash] passwd, the submit button goes into a loading state and spins indefinitely. The request is blocked by Cloudflare with status code 403. I can’t even search for the forbidden string. You have to check dev tools to find out what went wrong, this error is not handled in the UI at all.
So, if you’ve ever tried to reply to a tech issue and the UI just won’t let you, maybe this is why.
/etc/passwd
just checking
All I see is *******
hunter2
Change the code on my luggage. No, wait, that’s something else.
/etc/passwd
This smells like something being blocked by Cloudflare’s WAF (Web Application Firewall) rules. I’d imagine there might be a rule there to try to block requests that look like they could involve sensitive files like the passwd file
https://developers.cloudflare.com/waf/
The UI should probably alert you of there being an issue posting after getting a 403 response
Damn even though you explained the abbreviation I still read it as Wife Approval Factor for a second and was very confused
Let’s see, I’m on lemmy.world: /etc/passwd
What the heck, it consistently does not work for me. I guess that’s not the only deciding factor in why my posts don’t go through. I’ve changed the pronoun in my post from ‘you’ to ‘I’ because it doesn’t apply to everyone. ^^
Hmm, weird. I notice that you’re using Firefox; maybe that’s the deal. I am too:
Aha! I think that might be it! I can’t on Firefox either.
Edit: Nope, just tried it on Boost, and that didn’t work either.
Ok, I was on the “old.” skin; let’s try the standard skin.
Nope, it doesn’t work on the standard skin, either.
Are you using the website or an app?
On the website:
/etc/password
Let’s see.
EDIT: Well, maybe the Cloudfare filters are region-dependent.
I just realized my previous reply from 3 days ago might not be visible to you.
You wrote
password
instead ofpasswd
, I think that’s why it passed the filter.Link to the comment you probably didn’t receive: https://discuss.tchncs.de/post/17139304/10847588
Interesting, yep, passwd fails for me too.
hunter2
*******
That’s kinda funny, in a way - unsophisticated prevention for an unsophisticated attack.
Everyone trying to use the Internet normally suffers due to this kind of stuff.
⟋etc⟋passwd ⧸etc⧸passwd /etc/passwd
How dare you go outside the bounds of ASCII! 95 printable characters ought to be enough for anyone.
[slash]etc[slash]passwd
/etc/passwd
Posted this from Thunder on lemdro.id
test №2 …
/ etc /passwd
/ …/etc /passwd
/ …/…/etc /passwd
(from: Android, browser, on lemmy. …world)
i cannot post this if I remove the spaces !Sent from my iPhone
using Tapatalk
Noooooooo
Can’t post on Lemmy.World, photon desktop UI. Interesting
Is it because it contains the word “ass” ? I can imagine this being caused by some poorly designed censoring software.
I remember in 1999 or thereabouts when I was playing Ultima Online, and the same thing happened when I was a ghost trying to get back into town to get resurrected: As I instinctly tried to open the gate to enter, I got the message “Your ghostly hand p4$$es through the gate”Best not to try to roleplay as an ******in
You mean a buttbuttin?
Edit: Boost for Android won’t let me post it either.
I remember those shenanigans from Neopets. You couldn’t say cucumber on the forums.
I had to read “cucumber” three times before I realized why.
deleted by creator
That explains why I had trouble a while back
<script>alert(/etc/passwd)</script>
/etc/passw[nothing]d blocked here at lemm.ee.
Tried with ‘Connect for lemmy’ against lemm.ee and just got a full screen error that vanished after a second.
/ etc / passwd <- so none of the components are blocked.
I can only hope programming.dev of all instances doesn’t have this problem!
(Also, I’m really wondering where does this error come from. It can’t be, in theory, from lemmy itself, right? One would think user input in posts is sanitized so that it’s not used as code, either raw or processed).