Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://xn--8r9a.com/users/north/statuses/111540499037937569">Jason Parker (he/they) (north@xn--8r9a.com)'s status on Friday, 08-Dec-2023 03:26:44 JST</a><a href="https://xn--8r9a.com/@north" title="north@xn--8r9a.com"><img src="https://gnusocial.jp/avatar/39344-48-20221125231120.webp" width="48" height="48" alt="Jason Parker (he/they)" style="position: absolute; left: 0; top: 0;">Jason Parker (he/they)</a></section><article><p>It's now been one week and one of the court platforms in my recent disclosure[1] is still vulnerable to the issue that was reported to them by multiple state agencies over two months ago.  They have not responded to my emails.</p><p>At what point does it become appropriate to publish a PoC?  There's some Really Bad Shit™️ that can be obtained, so it's a tough position to be in.</p><p>[1] <a href="https://github.com/qwell/disorder-in-the-court" rel="noreferrer">https://github.com/qwell/disorder-in-the-court</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2425985#notice-4795605">In conversation</a><time datetime="2023-12-08T03:26:44+09:00" title="Friday, 08-Dec-2023 03:26:44 JST">Friday, 08-Dec-2023 03:26:44 JST</time> <span>from <span><a href="https://xn--8r9a.com/@north/111540499037937569" rel="external" title="Sent from xn--8r9a.com via ActivityPub">xn--8r9a.com</a></span></span><a href="https://xn--8r9a.com/@north/111540499037937569">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: emails.at</div><h5><a href="https://emails.At/">Der Domainname emails.at steht zum Verkauf.</a></h5><div></div></header><div>Sichern Sie sich jetzt Ihre Wunschdomain! ✓ Sichere Zahlungsabwicklung ✓ Kompetentes Serviceteam ✓ Treuhändische Abwicklung</div><footer></footer></article></li><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/qwell/disorder-in-the-court">GitHub - qwell/disorder-in-the-court: Court platform vulnerability disclosure(s).</a></h5><div></div></header><div>Court platform vulnerability disclosure(s). Contribute to qwell/disorder-in-the-court development by creating an account on GitHub.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Jason Parker (he/they) (north@xn--8r9a.com)'s status on Friday, 08-Dec-2023 03:26:44 JST Jason Parker (he/they)
It's now been one week and one of the court platforms in my recent disclosure[1] is still vulnerable to the issue that was reported to them by multiple state agencies over two months ago. They have not responded to my emails.
At what point does it become appropriate to publish a PoC? There's some Really Bad Shit™️ that can be obtained, so it's a tough position to be in.
[1] https://github.com/qwell/disorder-in-the-court
In conversationFriday, 08-Dec-2023 03:26:44 JST from xn--8r9a.compermalink
Attachments
1. Domain not in remote thumbnail source whitelist: emails.at
  Der Domainname emails.at steht zum Verkauf.
  Sichern Sie sich jetzt Ihre Wunschdomain! ✓ Sichere Zahlungsabwicklung ✓ Kompetentes Serviceteam ✓ Treuhändische Abwicklung
2. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  GitHub - qwell/disorder-in-the-court: Court platform vulnerability disclosure(s).
  Court platform vulnerability disclosure(s). Contribute to qwell/disorder-in-the-court development by creating an account on GitHub.

Public

Embed Notice

HTML Code

Corresponding Notice