would you say there is a distinction between gay as in "horny for men" and gay as in "in love with men" and which one are you
• from e259eec9467e6527
Well, there is a distinction in that somebody can be one but not the other, but they're really just different manifestations of attraction. Anyways I am both in love with and horny for men 24/7
Uhhhhhhh hi I'd like a number 15, number 6, and a side of hot gay sex please
• from 3f5860274fbe923c
sorry creampie machine broke
Opinion on [DATA EXPUNGED]?
• from 30c8e63155de417c
Hot take, but I think it's very [CENSORED] and [REDACTED], tbh.
What do you think of OMORI?
• impersonating cocks_lol
It sure is a video game! Thank you ~keithmail user cocks_lol
What do you think of OMORI?
• from 5c340d584a064ea1
Honestly, I have no idea what that is.
mr tables may i have the filename"; ?><?php echo __FILE__; ?>
• from 25355d4964cb81dd
That's not gonna work, lol. Anyways, if you want the filename, it's literally just mail.php.
I might still try the “get the website to leak the secret or gain access to the server” option
• from 21fe8af59374b868
Go ahead! I don't think there are any vulnerabilities that'd let you get the PHP source, but do let me know if you find one. The actually important stuff (database credentials) is stored in environment variables, so I'm not too worried about people poking around. Just, like, be a good Netizen, don't do anything harmful.
So do I earn the privilege of signing my own cookies by brute forcing the hash somehow or by hacking your website to steal the secret?
• from 489ccc9ac3f9d6c8
I honestly didn't think that far - what I'll probably do is add the vulnerability in later.
this is a tumblr ask
• from 191977ebd02ad296
Yeah, that's basically where I got the idea from. Except my version is better
*steals the smaller penis*
smol pp good pp 😋
• from e0998c58c9d79c24
Bite-Size Penis
Hey can you do me a favor and run the following code:
hash('sha224', 'Cock Enjoyer' . $sig_secret)
And then publish the output?
That way everyone can be a legitimate Cock Enjoyer
• from 0aea81556791686c
Nah, it's more fun if y'all earn that privilege :-)
*steals your penis*
• from fa332d1d1fee8801
Luckily, I was wearing a second, smaller penis underneath.
if i saved my cookie+sigcookie somewhere could i perpetually have this identity
• from 639298336a02484c
Yeah. It's intended to be a short-lived identifier (that's why it resets when the browser's closed), but if you modify the cookies you can do whatever you want.
wait, so how hard is it actually to brute force sha224? Like, could I theoretically do it on my home computer? and then use the secret to "sign" my own cookie? (is the secret something lewd? I feel like it's something lewd)
• from 4eeb07b498ac4fa8
SHA2 is still secure enough that it can't reasonably be bruteforced. But if you did get the secret, yeah, you could just use it to validate any abitrary cookie.
But what do you think about bussy? Or gock? (girl cock)
• from 4941668535a396b2
Bussy Destroyer
I can change cookies at will it's like being a shapeshifter
If your signature algorithm is something home grown and not just like, RSA or something I could maybe even find a way to trick it and forge cookies without being revealed as an impersonator. By signing my own cookie.
That last sentence sounds like a dirty joke.
• from f4e7f44a7d623d20
It's just hash('sha224', $mail_cookie . $sig_secret), but DAMN, that's a good idea! Maybe in a future overhaul, things will become a little more interesting.
