Hacker Posts – Hack Club Scrapbook

t-minus 1 day till hackpnw means wework bellevue time :)

https://cloud-n00fly95l-hack-club-bot.vercel.app/0img_5969.jpg

Wtf slack didn't post my message to scrapbook - good thing streaks are broken! Anyways: home is nice

https://cloud-h7ga6d0ie-hack-club-bot.vercel.app/0image_from_ios.jpg

~~today I uh, today I actually hacked my bank.~~ wait, that sounds illegal. okay today someone you may or may not know may have hacked their bank and I am inexplicably aware of the situation. imagine, in this hypothetical scenario, someone wants to use "ced@misguided.enterprises" to receive all of their banking emails. but the bank webapp is trying, for some very stupid reason, to validate emails with a regex, and that regex is "^[A-Za-z0-9_]+[a-zA-Z0-9._%+-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9]{2,3}$". notice that last part, which allows for 2 or 3 alphanumeric characters following the last .. you can imagine how that might clash with someone's email. now, you might be thinking, ced, i know it's tempting to just sidestep their clientside verification, but that's technically circumventing access protocols. that sounds really illegal! and you're totally right, which is why whoever did this probably has HORRIBLE impulse control ... the second image demonstrates someone putting a break point on the line that actually sends the request and at that point, n in the watch window should be the variable on the left, so that someone will be able to modify the new email to the unvalidated one ... whoever did this probably discovered a couple useful things about chrome devtools in the process that they weren't already aware of ...

https://cloud-f8zzf9b2k-hack-club-bot.vercel.app/0image.png

https://cloud-bdwmsewcs-hack-club-bot.vercel.app/0image.png