@GossiTheDog yeah is for another article about this I have read that seems to poise that RCE was established saying TA used an old CVE but am suspicious of it bec. of the txt file proof. That being said the existing "?a" parameter in Archive.org that was archived around 2 minutes after the "?mail" and before the "?x", so it is in between of the 2 proofs and based from its timestamp disproves that the actual x.txt itself doesn't exist and the parameters are more likely related to web caching.
Notices by ajantis (ajantis@cyberplace.social)
-
Embed this notice
ajantis (ajantis@cyberplace.social)'s status on Wednesday, 02-Apr-2025 00:23:50 JST 
ajantis
-
Embed this notice
ajantis (ajantis@cyberplace.social)'s status on Tuesday, 01-Apr-2025 23:30:28 JST
ajantis
@GossiTheDog Unpopular opinion: Proof looks like web cache poisoning and not RCE. Looks like made to believe to be an actual txt file
Notice the "?" param where is used as part of cachebuster PoC for web cache poisoning
As if not, then all Archive entries should resolve to the same txt contents, however bunch 404 like the x.txt itself and there is "?a" which disproves the proof based from Archive timestamp
x.txt - 404
x.txt?mail - with email text
x.txt?a - 404
x.txt?x - with email text
All GNU social JP content and data are available under the