21
catgirl
4y

How do I add bugs that only affect one user and make it look like an accident?

Comments
  • 4
    Weird binary magic and requirements like browser version, locally installed libs and bugs.
  • 20
    if uid == <user-id>:
        misbehave()
  • 2
    Also buffer overflow.
  • 2
    @Lor-inc, I haven't done this before 🤐
  • 3
    @C0D4 I only did categorical ones, e.g. users registered with a freemail email account (a terrible local provider that occasionally makes room by deleting archives or accounts altogether) had a lower priority on all account-related operations, and IE users got a separate "compatibility" CSS file that was pretty much empty except for a minimal layout. (I still often do that; once supporting a browser becomes a hassle I add it to compatibility mode.)
  • 0
    User with non-visible character data...

    Add e.g. tabs / non-printable character data to the login name

    Most people don't sanitize / validate input
  • 0
    @rutee07 rofl
  • 1
    Obfuscated indirection. Create a corner case, add a few methods that make sense, but don't account for the corner. Ensure that the user's account hits that corner case. If possible make it somewhat random so it's difficult to replicate even with the user's data. Personal favorite of mine is to rely on some particular encoding that enables targeting via mostly unique combinatorials across n functions (usr prefixing, role targeting, generic attribute extensions, etc).
  • 1
    Sadly it's not active anymore, but maybe you can get ideas ;-)

    http://www.underhanded-c.org/
  • 2
    What I do is set their account to go to testing instances and screw shit up there for them