cross-posted from: https://lemmy.ml/post/1895271
FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
GitHub issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
What a thing to wake up to.
I’ll be keeping watch in the local posts or comments in case anyone here tries to submit a post containing the exploit. If I or any of the other admins get compromised I may have to shut dormi.zone down temporarily.
As far as I understood, the exploit abuses an HTML attribute to steal your login token. Going by that, I’m guessing that apps such as Jerboa and Liftoff should be safe for now.