MD5 test
-
30959683acc44085fd351bf35496678c
-
Fucking hell, you can chain them!
324f01846a7e7d1fe5d344c9932418b2
-
f399c3b16ada5eff880f0817b093232a
-
Wow, the discourse parser really is a massive WTF.
-
it's a fustercluck of bad design, poor intentions, and just plain
-
it's a fustercluck of bad design, poor intentions, and just plain
There were intentions?
-
Interestingly, I can't repro this on try..org.
...
This made me laugh...
Completely unintentional, but amusing :-)
-
I want there to be a sci fi novel where Discourse is discovered by SETI and we just decide that it's not worth contacting aliens because they are TRWTF.
-
Yeah, loosely speaking it's a
do for (md5 in hashes) count = replace(md5) while count > 0
. It'll keep replacing hashes until it can't find any hashes to replace. Theoretically, if you could find a cycle in MD5 and put every hash in the cycle into a post and still keep the total size of it under the 32k post limit, you could put the parser into an infinite loop...
-
We discovered this previously, and it got fixed. They use GUIDs now instead of MD5.
-
I want there to be a sci fi novel where Discourse is discovered by SETI and we just decide that it's not worth contacting aliens because they are TRWTF.
What about the sci fi novel where Discourse is an alien race's first point of contact with us and they decide to nuke and pave over our planet because there's obviously no intelligent life here.
-
If someone has a moment could someone explain in simple terms what I'm looking at?
-
The bugs category should be restricted to trusted users, and sharing a bug with meta.d should be a bannable offense.
I mean, if they banned us, they clearly don't want our bug reports.
-
explain in simple terms what I'm looking at?
I don't know, but you should be looking at the post's raw...
Screenshotted, because quoting that code to post in a way that you could actually see it (instead of just "Testicles") would've required some really ugly hacks.
-
@DogsB said:
I looked at it but don't understand it. I probably should have said that first. Sorry!
explain in simple terms what I'm looking at?
I don't know, but you should be looking at the post's raw...
I saw the nonsense about escaping "" with an md5 of "" but I don't understand what he's done here.
-
If someone has a moment could someone explain in simple terms what I'm looking at?
Testicles.
See also this topic.
-
@DogsB said:
Fuck me. How and why?
If someone has a moment could someone explain in simple terms what I'm looking at?
Testicles.
See also this topic.
-
Discourse uses an MD5 hash to "hoist" the contents of the `-offset block of text so that its fancy-pants regexp parsing of HTMLmark BBcode won't mess with it. Then later it replaces all of those MD5 hashes back with what they represented.
f0baf9d826ac4a4db7a16181c2e12790 is the MD5 hash of Testicles.
30959683acc44085fd351bf35496678c is the MD5 hash of f0baf9d826ac4a4db7a16181c2e12790.
So they chain together like that. (View raw, obviously.)
Then when they realized how fucking stupid that was (and somewhat exploitable), they switched from easily-calculated MD5s to random GUIDs, so you can't predict what the replacement text will be anymore in the new versions of Discourse.
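As an added illustration (not Discourse's code), here is a toy model of the hoist/unhoist step described in this post and in the earlier "do ... while count > 0" post: the predictable MD5 placeholder with the replace-until-stable loop beside a random-token placeholder expanded in a single pass, which is why the bare hash and the hash-of-a-hash stop doing anything. The single-backtick `SPAN` regex, the `HOIST-` prefix and the `word_filter` stand-in are my simplifications, not the real parser's.

```python
import hashlib
import re
import secrets

# Single-backtick spans stand in for Discourse's `-offset code blocks (a simplification).
SPAN = re.compile(r"`([^`]+)`")

def md5_of(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def hoist_md5(post: str):
    """Old scheme: the placeholder is the MD5 of the span content, so anyone can predict it."""
    table = {}
    def swap(m):
        key = md5_of(m.group(1))
        table[key] = m.group(1)
        return key
    return SPAN.sub(swap, post), table

def unhoist_loop(text: str, table: dict) -> str:
    """The do { for (md5 in hashes) count = replace(md5) } while (count > 0) loop."""
    while True:
        count = 0
        for key, val in table.items():
            count += text.count(key)
            text = text.replace(key, val)  # a value may itself be a key, so chains keep expanding
        if count == 0:
            return text

def hoist_random(post: str):
    """Fixed scheme: an unguessable random token, expanded in a single pass."""
    table = {}
    def swap(m):
        key = "HOIST-" + secrets.token_hex(16)  # assumed prefix; Discourse uses GUIDs
        table[key] = m.group(1)
        return key
    return SPAN.sub(swap, post), table

def unhoist_once(text: str, table: dict) -> str:
    # Only tokens the hoister actually emitted are looked up; user-typed text is never a key.
    return re.sub(r"HOIST-[0-9a-f]{32}", lambda m: table.get(m.group(0), m.group(0)), text)

def word_filter(text: str) -> str:
    """Stand-in for the forum's word filter; it runs on the hoisted text, as the thread says."""
    return re.sub("belgium", "[censored]", text, flags=re.IGNORECASE)

def render_old(post: str) -> str:
    hoisted, table = hoist_md5(post)
    return unhoist_loop(word_filter(hoisted), table)

def render_new(post: str) -> str:
    hoisted, table = hoist_random(post)
    return unhoist_once(word_filter(hoisted), table)
```

With the old scheme a post that contains `belgium` in backticks plus the bare MD5 of "belgium" renders the word twice, and the hash-of-a-hash chain collapses all the way down to the original span; with the random scheme the bare hashes are left as the literal text they are.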
-
I think something in my mind just broke but thank you and @hungrier for explaining it to me. :)
-
Speaking of which, anyone know how the md5 of Belgium shows up?
-
The MD5 of belgium shows up as 73fa01094ea6c89f1f8efbeb57037499.
Of course, writing
belgium
just works, too, because the hoisting that I mentioned? Yes, it bypasses the word filter.
-
Well I'd expect that from backticks, it's far more interesting that you can do it without.
-
Only if you've put 73fa01094ea6c89f1f8efbeb57037499 in backticks somewhere in your post.
There are plenty of ways to hide it, though. HTML comments are one of the easiest. View raw...
-
IIRC HTML encoding is done after md5 replacements, so
<div class='fa-spin'>hello</div>
doesn't work.
149339f20700adce9abc7d468c8f008b
-
I think it actually happens during the hoist operation, so the dictionary ends up with the key being the hash of the un-encoded text, but the value is the encoded version. The end result is that whatever you get back is encoded.
-
Probably.
Is there any blacklisting in that step where an md5sum could get past something that would block a fa-spin?
-
and it got fixed. They use GUIDs now instead of MD5.
For realsies? (Or for trollsies?)
(CBA to check the changelog.)
-
Is there any blacklisting in that step where an md5sum could get past something that would block a fa-spin?
It seems pretty thorough in escaping it. I've tried putting it in a onebox...
" class="fa-spin
' class='fa-spin
https://what.thedailywtf.com/t/md5-test/54834/29#065b94a0770e3707adcf095a6402e29e
https://what.thedailywtf.com/t/md5-test/54834/29#1d4e99b424a023d5401484a8611a9b14
@PleegWat said:
test
-
We discovered this previously, and it got fixed. They use GUIDs now instead of MD5.
I want to believe that somewhere is a GUID which expands to another GUID. Or did they remove the looping from the expansion?
Also, presumably there's a table of GUIDs in the latest discobackend which it might be fun to have a peek at sometime. I wonder if there's a
/guids.json
endpoint, or something equally dumb...
-
Imagine if someone was making a post that looked like this:
So what you want to do is insert the GUID for the component using the FrobnicateGUID function. If the GUID is f1932ad2-ab06-4281-a6b3-01198df694dc, your code will look something like this:
FrobnicateGUID("f1932ad2-ab06-4281-a6b3-01198df694dc");
And then magically Discourse chose that specific GUID to replace the code block.
-
And then magically Discourse chose that specific GUID to replace the code block.
it will happen eventually.
of course if they are choosing type 4 uuids even semi properly...
function guid() {
  // every '8' becomes a random hex digit; every '2' becomes 8, 9, a or b (the RFC 4122 variant nibble)
  return '88888888-8888-4888-2888-888888888888'.replace(/[82]/g, (c) => (Math.random() * c * 2 ^ 8).toString(16));
}
then the odds of the collision are pretty remote.
-
I want to believe that somewhere is a GUID which expands to another GUID.
They're generated randomly, so there's a minute chance of this, but the number of possible GUIDs is so large that it's very unlikely to happen.
And then magically Discourse chose that specific GUID to replace the code block.
That would be special...
Actually it would cause it to run out of available memory and it would kill your post. Basically you'd get a server error. It wouldn't totally kill the server, though. (I've written MD5 inflatebomb posts that would've been in the 4-8 GB range after all the replacements are finished, and that's all that happens.) Then you could resubmit the exact same post and it'd mysteriously post just fine because a different GUID was generated.
-
TIL DuckDuckGo will give you a UUID if you search for "uuid" (and call it "Random GUID") but will return you the NASDAQ market value of Guidance Software Inc if you search for GUID.
Edit: thanks to the link @Arantor submitted below, I've found case variations "guid" and "GUID" return the stock symbol while other variations return a GUID (I didn't do an exhaustive search, but that's what happens for "gUID", "Guid" and "GuId").
One of these values is more random than the other.
Wish I could find a list of searches that get special treatment. I know of "ip", "time", mathematical expressions, and as of now, "uuid".
-
They're covered by Instant Answers, see https://duck.co/ia for more.
-
Wow. This is... uhm... useful :
-
Gotta love open source submissions for such things.
You know, what are the odds that some fucker calls out to DDG to camelCase their shit and submitted it for that reason?
-
TIL DuckDuckGo will give you a UUID if you search for "uuid" (and call it "Random GUID") but will return you the NASDAQ market value of Guidance Software Inc if you search for GUID.
Sounds like when your startup gets its IPO, it should pick the ticker symbol UUID.
-
Yes, it bypasses the word filter.
Woohoo! That means we can swear and say stuff like 6c1674d14bf5f95742f572cddb0641a7!
It's a shame they finally fixed this, I'd love to create some dummy accounts and go over to meta for some fun