We're on it anon…..relax
Its comped. No doubt. It has already been found by /ourguys/ if there are warnings regarding the app. Unfortunately it is very common for these apps to gather info, Voice print, Face recognition, gather connections, geo location etc… Tic-Tok is more than likely an aggregate data collector for dynamic profiling of users. It will take some time pull together…. I will personally post whatever I find.
It was pseudo code….
>>9511175
def visit_twitter_and_log_in
visit 'https://cards-dev.twitter.com/validator'📁
find('input.js-username-field').set(ENV['TWITTER_USERNAME'])
find('input.js-password-field').set(ENV['TWITTER_PASSWORD'])
click_on('Log in')
end
def enter_url_and_click_preview(url)
find('input.FormControl').set(url)
click_on('Preview card')
result = has_content?('Page fetched successfully')
visit 'https://cards-dev.twitter.com/validator'📁
end
end
Q
It does have potential to become something else. Nothing a little digging into the code base can't reveal. It appears to be a pointer to that area of code. Something around the auth code. MSFT did this type of BS all the time. They left known exploits in the code for years so nefarious actors could walk in and out of the infrastructure whenever they desired. I always thought that Gussifer used some of these gaps in the code. He moved through infrastructures very seamlessly. He had insider knowledge or found the gaps. This twatter exploit feels like one of those hacks.
Just an observation….digging
>>997468
Anon is referring to Tic-Tok app. (Currently under validation.) Auth code for twatter is behind the front end in scripts er….sill poking around. May take a little moar to capture the actual script.
So you don't know?
Linked auth script is behind the WAF. How does that compare to the actual auth code. Admin portal give full access to all accounts? This is the front door. What about the open windows?