I found a vulnerability in an online compiler.

So, I heard that people have been exploiting online compilers, and decided to try and do it (but for white-hat reasons) so I used the system() function, which made it a lot harder so i decided to execute bash with execl(). I tried doing that but I kept getting denied. That is until I realized that I could try using malloc(256) and fork() in an infinite loop while running multiple tabs of it. It worked. The compiler kept on crashing. After a while I decided that I should probably report the vulnerabilites.

There was no one to report them to. I looked through the whole website but couldn't find any info about the people who made it. I searched on github. No results. Well fuck.

  • 8
    Patch it

    Fork it

    Write blog post about what you did

    Get job as vulnerability tester

  • 1
    Are you able to perform remote code execution?
  • 3
    @Demolishun I am currently working on that actually. Its hard because it only compiles C or C++ so i have to use system() to write code to the /app directory. Edit: I just realized i should use execl()
  • 8
    wtf is this shit?
    An online c++ compiler thats runs on someones server, that allows you to fork bomb it? DAFUQ?

    Just upload a cryptominer, and profit....
  • 0
    @magicMirror Yeah, once i figure out how to edit their own files I will have a lot of fun. Although, i wonder if that is illegal under US law, as they are kinda giving me the tools to do it, and even if its illegal, I don't think anyone is maintaining it, and has probably forgotten about it all together.
  • 0
    Do they have an security.txt?
  • 0
Add Comment