Thread - Nostr Hypermedia

EVAN KALOUDIS evan@zeusln.com 16 hours ago

I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.

I Could

How I found that anyone could register on FIFA

Replies (6)

hzrd149 _@hzrd149.com 16 hours ago

"Except this was all client-side. The Angular app checked the JWT for a NO_ROLES marker and rendered the access-denied page. The backend APIs? They didn't check anything. They just served whatever you asked for." This was common at my previous job, so many things checked the roles in the JWT and didn't verify with the backend

1 replies ↓

John (Clams) john@clams.tech 16 hours ago

This is amazing

Allen biophoton@primal.net 14 hours ago

Major bummer they didn’t

Tico 🇨🇷 tico@primal.net 8 hours ago

Fack

Tico 🇨🇷 tico@primal.net 8 hours ago

FIFA sucks at every level, daaaamn 😵 View quoted note →

Hypno | seedkeys.xyz hypno@seedkeys.xyz 7 hours ago

WTF, lol. FIFA is as efficient as a government 🤣