hi-paste just executes pastebin code
ex. http://hi-paste.glitch.me/?paste=HSQ1vtML executes html code from pastebin.com/HSQ1vtML
NOTE: using this with a paste without viewing the code is as secure as going on a random site which could have malware
source code https://glitch.com/edit/#!/hi-paste?path=public%2Findex.php%3A91%3A0 (yes it really just does if string in HTML code then warn)
Error: If you tried to print & lt; in your code it would be shown in the source as < because pastebin put < as & lt; in the site so
4 Likes
This seems like a bad idea. Paste’s can be edited (without any notice), so if it seems good one day, it can have malicious code the next day.
1 Like
Yes because virustotal and safeweb can detect a IP logger (you can make your own in like <30 seconds)
1 Like
I made my own script on it, it alerts if anything is detected
Shoot, even using apache2 can be an IP logger by itself (if you know how check logs)
You could send your user a random page (such as example.com/hduhdfedfj) and then run: cat /var/log/apache2/access.log | grep /hduhdfedfj to get their IP.
(don’t actually do this, this is just to make a point)
1 Like
Ok, I just used an Open Source IP logger, and it didn’t detect anything.
lol all this for warnings against IP logging so now i would have to detect
-alert boxes
-prompts
-iframes
-external scripts (yes really)
i added it it detects alerts, prompts, external content (but gives false alarms sometimesall the time)
Code can be made hard to read/detect.
1 Like
Yep, this is why I proxy user images.
But I have to agree with @aboutdavid , running random code seems like a terrible idea. Maybe you should have a confirmation before users run the code?
There is a alert (alert()) which scans using virustotal, but, it only caught 1/10 of my test.
Also, using VirusTotal shares your code, which is something you may not want public.