Hacking Millions of Modems (and Investigating Who Hacked My Modem) - eviltoast

This article is a great example of why you should use your own router instead of an ISP-provided one

  • Wispy2891@lemmy.world
    5 months ago

    I’m not a programmer, but is it normal that the login page contains the whole main JavaScript code of a logged-in user?

    Also, what’s the point of having this kind of client-side API? Because you can never trust the client, shouldn’t everything be server-side and only return an HTML page with the data related to your account?

    • moira@femboys.bar (OP)
      5 months ago

      It doesn’t matter that the website loads JavaScript code for a logged-in user, as you need a token (which the server will give you after a successful login) to authenticate to the APIs. It is pretty common to do it that way.

      There wasn’t a client-side API, but the API was missing crucial validation of user input (e.g. only checking the MAC address but not checking who is actually authenticated).
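
The missing check described in the last comment, as an added example that is not part of the thread, the article or the ISP's code: a hypothetical handler that requires a valid token but picks the device purely by MAC address, next to one that also ties the device to the authenticated account. The session store, device records, function names and all values are constructed for illustration.

```javascript
// Constructed sample data: every token, account id and MAC address is made up.
const sessions = new Map([ // opaque token -> account id, issued at login
  ["tok-alice", "acct-1"],
  ["tok-bob", "acct-2"],
]);
const devices = new Map([ // MAC address -> device record
  ["aa:bb:cc:00:00:01", { owner: "acct-1", ssid: "alice-home" }],
  ["aa:bb:cc:00:00:02", { owner: "acct-2", ssid: "bob-home" }],
]);

// Normalise separators and case so "AA-BB-..." and "aa:bb:..." hit the same key;
// anything that is not exactly 12 hex digits is rejected.
function normalizeMac(mac) {
  const hex = String(mac).toLowerCase().replace(/[:\-.]/g, "");
  return /^[0-9a-f]{12}$/.test(hex) ? hex.match(/../g).join(":") : null;
}

// Flawed shape: the caller is authenticated, but the record is selected only
// by the MAC address supplied in the request.
function getDeviceMacOnly(req) {
  if (!sessions.has(req.token)) return { status: 401 };
  const device = devices.get(normalizeMac(req.mac));
  if (!device) return { status: 404 };
  return { status: 200, body: { ssid: device.ssid } };
}

// Corrected shape: the record must belong to the account behind the token.
function getDeviceOwnerChecked(req) {
  const account = sessions.get(req.token);
  if (!account) return { status: 401 };
  const device = devices.get(normalizeMac(req.mac));
  // Same 404 for "unknown" and "not yours", so the API does not confirm
  // which MAC addresses exist.
  if (!device || device.owner !== account) return { status: 404 };
  return { status: 200, body: { ssid: device.ssid } };
}
```

The client-side JavaScript is identical in both cases; only the server-side ownership comparison changes what a valid token is allowed to read.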