/lynxchan/ - LynxChan
The best engine you will ever shitpost with.
Keep threads on-topic.
LYNXCHAN IS UNSAFE
02/17/2019 (Sun) 13:07:39
Prevent XSS! Context Based Encoding
HTML encode parameters which are displayed in HTML. HTML encoding is provided by view engines such as jade as well as frontend frameworks like AngularJS. You can also explicitly do it from the server side using the htmlencode npm module.
CSS encode parameters which are used in element styles
Stephen C Lynx
02/17/2019 (Sun) 13:09:19
LYNXCHAN IS UNSAFE
Prevent CSRF (Cross Site Request Forgery) with Anti-Forgery Tokens
Cross Site Request Forgery (CSRF) allows an attacker to execute a certain function on the web application on your behalf. To prevent these kinds of attacks, we can implement Anti-CSRF tokens so that the server can validate whether the request is coming from the intended sender. Anti-CSRF tokens are one-time tokens which are sent along with the user's request and used by the server to validate the authenticity of the request. Please refer to my previous blog post about what Anti-CSRF tokens are.
The Express.js framework is a web framework for Node.js which has in-built support for CSRF prevention. The following example shows how to initialize CSRF protection with Express.js and Node.js. When this protection is added, express.js creates a secure token which is sent to the server via both the request body and cookies. These two tokens are validated by the server for forgery. If the server fails to validate these two tokens, it returns a 403 Forbidden response to the client.
This mechanism prevents an attacker from sending requests to the server on your behalf, since the attacker has no access to the cookie for the domain in your browser. Even if he collects one token, he cannot replay it again since the token is one-time.
02/17/2019 (Sun) 14:04:36
If you find a vulnerability related to that, just let me know.
02/17/2019 (Sun) 14:32:37
Fuck off, faggot. You use an UN-SECURE node.js base, an UN-SECURE mongo db and then you pretend you do not know anything about the tons of vulnerabilities that are inherent to such shit code. To prove my point, lynxhub.com will get a little surprise soon. We are anonymous. Stephen Lynx is a faggot. We are legion. We do not forget. We do not forgive. Expect us.
02/17/2019 (Sun) 21:23:24
I found several vulns in lynxchan... it looks like they were coded in on purpose. That poster is right
02/18/2019 (Mon) 18:22:27
>To prove my point, lynxhub.com will get a little surprise soon.
I'll be waiting.