Are they just an issue with wefwef or trying to use an exploit

  • Tartas1995@discuss.tchncs.de
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I don’t know what Lemmy uses tbh. I don’t even know if the code would work when run. Like i don’t know e.g. if they grab the username(?) correctly. I just understand their intentions but yeah their execution might be horrible.

    • 𝙚𝙧𝙧𝙚@feddit.win
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      I’d be willing to bet they’re using the API to make all the changes. The cookie has the jwt token. I don’t believe you need the username (at least judging by the js API docs).

      • Tartas1995@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Someone said they think it is to know if the user is admin. I haven’t verify it. And I tried to make clear that username was a guess.