I decided to browse Codeforce submission for a question that I completed and I saw this. I doubt this guy will do much harm but I still find it quite funny.
→ Pay attention
Before contest
CodeTON Round 9 (Div. 1 + Div. 2, Rated, Prizes!)
40:45:09
Register now »
CodeTON Round 9 (Div. 1 + Div. 2, Rated, Prizes!)
40:45:09
Register now »
*has extra registration
→ Top rated
| # | User | Rating |
|---|---|---|
| 1 | tourist | 4009 |
| 2 | jiangly | 3823 |
| 3 | Benq | 3738 |
| 4 | Radewoosh | 3633 |
| 5 | jqdai0815 | 3620 |
| 6 | orzdevinwang | 3529 |
| 7 | ecnerwala | 3446 |
| 8 | Um_nik | 3396 |
| 9 | ksun48 | 3390 |
| 10 | gamegame | 3386 |
→ Top contributors
| # | User | Contrib. |
|---|---|---|
| 1 | cry | 167 |
| 2 | Um_nik | 163 |
| 3 | maomao90 | 162 |
| 3 | atcoder_official | 162 |
| 5 | adamant | 159 |
| 6 | -is-this-fft- | 158 |
| 7 | awoo | 157 |
| 8 | TheScrasse | 154 |
| 9 | Dominater069 | 153 |
| 9 | nor | 153 |
→ Find user
→ Recent actions
Codeforces (c) Copyright 2010-2024 Mike Mirzayanov
The only programming contests Web 2.0 platform
Server time: Nov/22/2024 00:49:52 (i2).
Desktop version, switch to mobile version.
Supported by
Auto comment: topic has been updated by HatedFate (previous revision, new revision, compare).
Auto comment: topic has been updated by HatedFate (previous revision, new revision, compare).
Lol. seems like someone is trying to practice "Command Injection" on codeforces xD
ctf... cf might get hacked like this
Possibly tell him that hacking sites without permission is illegal before he gets in trouble.
Edit: nvm this was all 3 months ago. It looks like he ended up sending messages from cf servers using python's socket library. I wonder why the admins haven't disabled such libraries.
The way to address this is not to disable the libraries, the way to address this is to block network access (relevant syscalls or similar), preferably by using a proper sandbox.
I didn't believe this would actually make a request but it does. I tried this: 265945617 and sure enough, it actually made a request, there is a log event of that on my server.
EDIT: and it can receive too! 265946029 I think this might actually turn out to be a serious vulnerability.
Damn, did I uncover something crazy or is it known for a while now?
my man just printed 69 on his private server. man of culture indeed
So theoretically you could send over test data to a private server that could run embarrassingly parallel code on a cluster (let's say, running $$$O(n!)$$$ when the intended is $$$O(\textsf{poly}(n) 2^n)$$$) and print the result to CF stdout?
Seems like an even more cursed way of solving Watermelon!
theoretically speaking, you can basically write a script to do so, for a non-interactive problem at least, so basically someone can get the full systests, if he just tries so many directories to finally find the systest folder...