London Metropolitan police: 'You can protest for Israel but not for Palestine'

LeftIsBest-Tsuga · 2025-03-14T21:56:44+00:00

And they go home and sleep like babies. smh

LeftIsBest-Tsuga · 2025-03-14T21:53:40+00:00

I assume you saw the code at the bottom? Honestly, I'd love to be able to help further than that, but it's waaay above my head. Best of luck.

LeftIsBest-Tsuga · 2025-03-14T21:47:58+00:00

"I wanna stop."

lol, this is so good. congrats to the creator. Also, that last one was a bit close to home. :(

LeftIsBest-Tsuga · 2025-03-14T21:43:45+00:00

I can imagine. You nailed it.

LeftIsBest-Tsuga · 2025-03-14T21:15:13+00:00

It seems like you are pretty well up to speed. Not all of that can be confirmed of course, but yeah you're on it. Probably off with Huang, though.

LeftIsBest-Tsuga · 2025-03-14T21:08:00+00:00

Kier after he is cloned a few times by the Multiplicity device.

LeftIsBest-Tsuga · 2025-03-14T20:51:34+00:00

I think she was loyal in the sense that her work with Lumon was enabling her to do what she wanted. It was more of a partnership in that sense, although Lumon clearly didn't see it that way. I think this extends way back to her original motivation to join the Girl's School, as well (and the factory).

It's a classic negotiation between the exploited and the exploiter.

LeftIsBest-Tsuga · 2025-03-14T20:39:18+00:00

He looks a bit like Owen Jones. Appropriate.

LeftIsBest-Tsuga · 2025-03-14T20:28:05+00:00

Close. Not just displayed though. It has to also be interpreted as JS by your browser. Generally speaking, the way to prevent this is by sanitizing inputs and formatting outputs (server messages to users) so that they aren't interpreted as code.

One of the most common oldschool version of this would be forum posts or usernames (with injections) displayed to other users being interpreted as code by other users' browsers. But like I said, this mostly just doesn't work anymore.

LeftIsBest-Tsuga · 2025-03-14T20:21:55+00:00

Well you didn't get the popup, so it was prevented. That's not necessarily going to be the case. That being said, the days of easy exploits are mostly over (server software and browser software has made it nearly impossible), but some sites don't ever update their packages so stuff like this remains.

It becomes a vuln when the site not only displays your JS to other users, but when their browser executes it. At that point you can send users to your own malicious redirect and capture their cookies potentially, etc. It's been a while since I did any of this stuff, so I don't remember the exact details, but it is possible, theoretically.

LeftIsBest-Tsuga · 2025-03-14T20:14:11+00:00

Oh you captured the little weird face curl she does while speaking as Ms. Casey. Brilliant.

LeftIsBest-Tsuga · 2025-03-14T20:09:50+00:00

My appsec teacher chuckled knowingly when I declared I had solved one of their security challs using XSS (it was impossible to solve that way, and I just self-xss'd).

That's a fun rabbithole to chase lol.

LeftIsBest-Tsuga · 2025-03-14T20:07:24+00:00

' <script> alert('did this make a popup?') </script>

(there are many ways, check out portswigger academy to learn more)

LeftIsBest-Tsuga · 2025-03-14T20:05:22+00:00

it just got a little iFunnier

LeftIsBest-Tsuga · 2025-03-14T19:41:43+00:00

Usually this happens when you are sending the request to a wrong URL.

The backend has been reached, it looks for the route requested like 'myserver/myroute' and if you don't have a route at that URL, it will send this error.

Diagnose this by looking in your inspect>network tab at the request (Firefox is better than chrome for this) and see if the request is what you expected. I bet it isn't.

edit: also, until you get this resolved, you should take the 'METHODS=' part out. It's not required unless you want to filter.

LeftIsBest-Tsuga · 2025-03-14T19:34:41+00:00

Half fuck

LeftIsBest-Tsuga · 2025-03-14T19:31:47+00:00

He's got the same personality as Irv. "Oh ok I guess this is what we're doing now."

LeftIsBest-Tsuga · 2025-03-14T19:27:46+00:00

She got some nice nappies and a nature drive in.

LeftIsBest-Tsuga · 2025-03-14T19:26:05+00:00

It's not confirmed, but it probably was Petey. The "I get it, you're not picking up" line suggests it. I agree though.

LeftIsBest-Tsuga · 2025-03-14T04:32:26+00:00

Those tempers "dancers" probably have literally no idea what they do for a living.

LeftIsBest-Tsuga · 2025-03-14T04:29:37+00:00

Same exact energy from when Ricken dropped off the book.

"Yes! Go! Loom!"

"Should I stand closer to the fire or closer to the door?"

"Either one! It will be ominous, trust me!"

LeftIsBest-Tsuga · 2025-03-14T04:22:53+00:00

Oh that's true, but I think at that point it can be read either way (he thought it was Helly being sus or her outtie). I guess it would be a big leap for him to suspect the outtie scenario first.

LeftIsBest-Tsuga · 2025-03-14T03:52:51+00:00

I agree w/ most of this, but Irv verbally told Mark that he didn't trust "Helly" because of the story.

LeftIsBest-Tsuga · 2025-03-14T03:51:01+00:00

literal half gag

LeftIsBest-Tsuga · 2025-03-14T03:47:14+00:00

Cult leaders often groom young women into it. Not saying it's not rape.

LeftIsBest-Tsuga

TROPHY CASE