Login to your profile #25

Open
Ryneex opened this issue Apr 10, 2024 · 3 comments
Comments

Ryneex commented Apr 10, 2024

Hey man, maybe you should log in and check your name and username :) @ladunjexa

@ladunjexa
Owner

@Ryneex kudos for the creativity! 🎉 Let's chat about how you did it, so I can patch things up.

Author

Ryneex commented Apr 11, 2024

@ladunjexa basically I was going through the course and I noticed a potential vulnerability in the server actions concerning CRUD operations. Specifically, the server actions seem to rely solely on the user_id provided by the client without implementing any checks to verify the authenticity of the user's ownership of the account. This oversight could leave the system susceptible to exploitation through modification of the user_id field in the request body. So basically I will create a post, intercept the request and replace my author_id with someone else's; that will do the trick 😉
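
The pattern described in the comment above, next to a server-side fix, as an added example that is not the project's code or any participant's: a standalone JavaScript model where the author is derived from the verified session instead of the request body. The in-memory `posts` and `sessions` stores, `currentUserId` and the function names are hypothetical; real Next.js server actions are async and would get the user from the auth library.

```javascript
// Constructed in-memory stand-ins for the database and the session store.
const posts = [];
let nextId = 1;
const sessions = new Map([
  ["token-alice", { userId: "user_alice" }],
  ["token-mallory", { userId: "user_mallory" }],
]);

// Hypothetical helper: resolve the caller from a server-verified session token.
function currentUserId(sessionToken) {
  const session = sessions.get(sessionToken);
  if (!session) throw new Error("Unauthenticated");
  return session.userId;
}

// Pattern from the comment: the author is whatever the request body says.
function createPostTrusting(body) {
  const post = { id: nextId++, title: String(body.title), authorId: body.author_id };
  posts.push(post);
  return post;
}

// Hardened create: identity comes from the session; a client-sent author_id is ignored.
function createPostChecked(sessionToken, body) {
  const authorId = currentUserId(sessionToken);
  const post = { id: nextId++, title: String(body.title), authorId };
  posts.push(post);
  return post;
}

// Hardened delete: compare the stored owner with the session user before acting.
function deletePostChecked(sessionToken, postId) {
  const userId = currentUserId(sessionToken);
  const index = posts.findIndex((p) => p.id === postId);
  if (index === -1) throw new Error("Not found");
  if (posts[index].authorId !== userId) throw new Error("Forbidden");
  return posts.splice(index, 1)[0];
}

// Constructed request body with an author_id that is not the caller's.
const tamperedBody = { title: "hello", author_id: "user_alice" };
console.log(createPostTrusting(tamperedBody).authorId);
console.log(createPostChecked("token-mallory", tamperedBody).authorId);
```

The same ownership comparison used in `deletePostChecked` applies to every update and delete action that takes a record id from the client.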

naranjansingh commented Jun 15, 2024

Hey man @ladunjexa, I face an error in [nextjs14-devoverflow]
Screenshot (268)
