I decided to browse Codeforce submission for a question that I completed and I saw this. I doubt this guy will do much harm but I still find it quite funny.
→ Обратите внимание
До соревнования
EPIC Institute of Technology Round Summer 2024 (Div. 1 + Div. 2)
2 дня
Зарегистрироваться »
EPIC Institute of Technology Round Summer 2024 (Div. 1 + Div. 2)
2 дня
Зарегистрироваться »
*есть доп. регистрация
→ Лидеры (рейтинг)
| № | Пользователь | Рейтинг |
|---|---|---|
| 1 | tourist | 3845 |
| 2 | jiangly | 3707 |
| 3 | Benq | 3630 |
| 4 | orzdevinwang | 3573 |
| 5 | Geothermal | 3569 |
| 5 | cnnfls_csy | 3569 |
| 7 | jqdai0815 | 3532 |
| 8 | ecnerwala | 3501 |
| 9 | gyh20 | 3447 |
| 10 | Rebelz | 3409 |
| Страны | Города | Организации | Всё → |
→ Лидеры (вклад)
| № | Пользователь | Вклад |
|---|---|---|
| 1 | maomao90 | 171 |
| 2 | awoo | 163 |
| 2 | adamant | 163 |
| 4 | maroonrk | 151 |
| 4 | nor | 151 |
| 4 | -is-this-fft- | 151 |
| 7 | TheScrasse | 147 |
| 7 | atcoder_official | 147 |
| 9 | Petr | 145 |
| 10 | pajenegod | 144 |
→ Найти пользователя
→ Прямой эфир
Codeforces (c) Copyright 2010-2024 Михаил Мирзаянов
Соревнования по программированию 2.0
Время на сервере: 28.06.2024 13:51:51 (i1).
Десктопная версия, переключиться на мобильную.
При поддержке
Auto comment: topic has been updated by HatedFate (previous revision, new revision, compare).
Auto comment: topic has been updated by HatedFate (previous revision, new revision, compare).
Lol. seems like someone is trying to practice "Command Injection" on codeforces xD
ctf... cf might get hacked like this
Possibly tell him that hacking sites without permission is illegal before he gets in trouble.
Edit: nvm this was all 3 months ago. It looks like he ended up sending messages from cf servers using python's socket library. I wonder why the admins haven't disabled such libraries.
The way to address this is not to disable the libraries, the way to address this is to block network access (relevant syscalls or similar), preferably by using a proper sandbox.
I didn't believe this would actually make a request but it does. I tried this: 265945617 and sure enough, it actually made a request, there is a log event of that on my server.
EDIT: and it can receive too! 265946029 I think this might actually turn out to be a serious vulnerability.
Damn, did I uncover something crazy or is it known for a while now?
my man just printed 69 on his private server. man of culture indeed
So theoretically you could send over test data to a private server that could run embarrassingly parallel code on a cluster (let's say, running $$$O(n!)$$$ when the intended is $$$O(\textsf{poly}(n) 2^n)$$$) and print the result to CF stdout?
Seems like an even more cursed way of solving Watermelon!
theoretically speaking, you can basically write a script to do so, for a non-interactive problem at least, so basically someone can get the full systests, if he just tries so many directories to finally find the systest folder...