Scratch

cocolover76 · 2012-01-28 20:17:20

in the New Scratcher system.
This is in AT because it is Advanced and it is a Topic.
New Scratchers can post links on scratch.mit.edu, right?

Code:

http://scratch.mit.edu/redirect/url?link=http://google.com

Firefox somehow got that url, except to a Dropbox, when I was lazily seeing if they updated the Block Library's ramshackle counter system.

Sidharth · 2012-01-28 20:24:37

shhhhh; we don't want spammers to hear this! tongue

cocolover76 · 2012-01-28 20:34:02

Sidharth wrote:
shhhhh; we don't want spammers to hear this!

shhhhh; Magnie has a habit of using these redirects instead of directs! tongue

ImagineIt_Test · 2012-01-28 21:31:35

Test: Stencyl

ImagineIt · 2012-01-28 21:33:49

ImagineIt_Test wrote:
Test: Stencyl

Great! But what about this? Scratch

Last edited by ImagineIt (2012-01-28 21:34:07)

cocolover76 · 2012-01-28 22:25:14

ImagineIt wrote:
ImagineIt_Test wrote:
Test: Stencyl
Great! But what about this? Scratch

...Whoever invented the internet, stop fooling around with redirects.

soupoftomato · 2012-01-28 22:31:26

cocolover76 wrote:
ImagineIt wrote:
ImagineIt_Test wrote:
Test: Stencyl
Great! But what about this? Scratch
...Whoever invented the internet, stop fooling around with redirects.

I don't think the creators of the internet necessarily did it.

Hardmath123 · 2012-01-28 23:48:11

I knew about this for a while, but tried to keep quit. We don't need spammers hearing this stuff...

Magnie · 2012-01-29 00:28:04

cocolover76 wrote:
Sidharth wrote:
shhhhh; we don't want spammers to hear this!
shhhhh; Magnie has a habit of using these redirects instead of directs!

Haha, since when? tongue

It's because I can't do anything directly, no? wink

mattlai2 · 2012-01-29 03:18:18

Wow... I love this! tongue

The Scratch Team has to do something on this...

djdolphin · 2012-01-29 08:59:45

Hardmath123 wrote:
I knew about this for a while, but tried to keep quit. We don't need spammers hearing this stuff...

I knew about this for a long time too.

cocolover76 · 2012-01-29 10:26:22

djdolphin wrote:
Hardmath123 wrote:
I knew about this for a while, but tried to keep quit. We don't need spammers hearing this stuff...
I knew about this for a long time too.

Firefox automatically took me to a redirect on Scratch to a image when I right clicked and clicked "View Image".

hello12345678910 · 2012-01-29 10:35:08

Does it work with images?

Nope.

Last edited by hello12345678910 (2012-01-29 10:35:41)

TheDogIslandFan · 2012-01-29 10:56:33

Good one! Ha ha ha! (Just be quiet so the spammers won't hear)

bobbybee · 2012-01-29 10:58:28

tehehe smile

mattlai2 · 2012-01-29 11:16:50

hello12345678910 wrote:
Does it work with images?

http://scratch.mit.edu/redirect/url?lin … p_edet.gif

Nope.

In fact, New Scratchers can't post images, even if they're from under scratch.mit.edu.

sparks · 2012-01-29 14:11:06

Maybe Bugs and Glitches is actually the place for this? It sounds like a bit of a security flaw. I'll request a move.

SJRCS_011 · 2012-01-29 15:04:58

hello12345678910 wrote:
Does it work with images?

http://scratch.mit.edu/redirect/url?lin … p_edet.gif

Nope.

It did.
That's what all of the block library's block do (did, since [img] tags are turned off.

RedRocker227 · 2012-01-29 17:28:05

Hm, that is very interesting. It's also a spammer's dream hmm

Lightnin · 2012-01-30 15:35:11

Wowzers, we gotta fix that. smile
Thanks for reporting it!
In the future, if you find security flaw like this one, please email us at help@scratch.mit.edu . And I'm not saying don't talk about it on the forums, but it is nice if you can give us a little lead time to fix it before anyone uses it to do something bad.
wink
And, btw, I think we'll just leave this here for now while we sort it out.

cocolover76 · 2012-01-30 16:47:46

bobbybee wrote:
tehehe

Firefox wrote:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies.

Edit: Why did Copy+Paste do that? Fixed.

Last edited by cocolover76 (2012-01-30 16:48:35)

cocolover76 · 2012-01-30 16:50:12

Oh, also apparently, you use it everywhere.
Spamming programs could find it via searching in that "redirect" folder clearly mentioned here:

http://scratch.mit.edu/redirect wrote:
Closest match: scratch.mit.edu/redirect/about
Other things to try:

Go to scratch.mit.edu/redirect/share
Go to scratch.mit.edu/redirect/support

Lightnin · 2012-01-30 16:54:59

Ok, should be fixed now. Can you guys test it out?

Also, no need to go looking for vulnerabilities, but if you find one, please give us a patch too if you can! (But if you can't, just let us know. smile

Thanks!

Lightnin · 2012-01-30 19:55:56

cocolover76 wrote:
Oh, also apparently, you use it everywhere.
Spamming programs could find it via searching in that "redirect" folder clearly mentioned here:
http://scratch.mit.edu/redirect wrote:
Closest match: scratch.mit.edu/redirect/about
Other things to try:

Go to scratch.mit.edu/redirect/share
Go to scratch.mit.edu/redirect/support

These are different (they aren't using the "url" function). They only redirect to a certain place.

joefarebrother · 2012-01-31 02:03:56

SJRCS_011 wrote:
hello12345678910 wrote:
Does it work with images?

http://scratch.mit.edu/redirect/url?lin … p_edet.gif

Nope.
It did.
That's what all of the block library's block do (did, since [url]tags are turned off.

actually they use antidote.

Scratch

archived forums

#1 2012-01-28 20:17:20

I found a weakness

Code:

#2 2012-01-28 20:24:37

Re: I found a weakness

#3 2012-01-28 20:34:02

Re: I found a weakness

Sidharth wrote:

#4 2012-01-28 21:31:35

Re: I found a weakness

#5 2012-01-28 21:33:49

Re: I found a weakness

ImagineIt_Test wrote:

#6 2012-01-28 22:25:14

Re: I found a weakness

ImagineIt wrote:

ImagineIt_Test wrote:

#7 2012-01-28 22:31:26

Re: I found a weakness

cocolover76 wrote:

ImagineIt wrote:

ImagineIt_Test wrote:

#8 2012-01-28 23:48:11

Re: I found a weakness

#9 2012-01-29 00:28:04

Re: I found a weakness

cocolover76 wrote:

Sidharth wrote:

#10 2012-01-29 03:18:18

Re: I found a weakness

#11 2012-01-29 08:59:45

Re: I found a weakness

Hardmath123 wrote:

#12 2012-01-29 10:26:22

Re: I found a weakness

djdolphin wrote:

Hardmath123 wrote:

#13 2012-01-29 10:35:08

Re: I found a weakness

#14 2012-01-29 10:56:33

Re: I found a weakness

#15 2012-01-29 10:58:28

Re: I found a weakness

#16 2012-01-29 11:16:50

Re: I found a weakness

hello12345678910 wrote:

#17 2012-01-29 14:11:06

Re: I found a weakness

#18 2012-01-29 15:04:58

Re: I found a weakness

hello12345678910 wrote:

#19 2012-01-29 17:28:05

Re: I found a weakness

#20 2012-01-30 15:35:11

Re: I found a weakness

#21 2012-01-30 16:47:46

Re: I found a weakness

bobbybee wrote:

Firefox wrote:

#22 2012-01-30 16:50:12

Re: I found a weakness

http://scratch.mit.edu/redirect wrote:

#23 2012-01-30 16:54:59

Re: I found a weakness

#24 2012-01-30 19:55:56

Re: I found a weakness

cocolover76 wrote:

http://scratch.mit.edu/redirect wrote:

#25 2012-01-31 02:03:56

Re: I found a weakness

SJRCS_011 wrote:

hello12345678910 wrote:

Board footer