Right, I did some reading and here’s what likely happened with Parler. Lots of crossed wires here.
An API endpoint is just a URL with a value added onto the end that tells the system what you want to get back.
If you had a working URL, it just spat out whatever it had whether you were logged in or not.
I cannot describe how amateur hour this is, if true.
Okay, so the admin accounts: they discovered an API endpoint that let them enumerate admin users.
This is also so unbelievably bad that it boggles the mind, from a web dev perspective.
The admin accounts were not compromised, apparently, but holy fucking shit you DO NOT expose admin account data EVER. That is asking to get hacked even more.
Happy fucking Monday, let the train wreck of this week begin
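Added illustration, not code from Parler or from the author of this thread: a hypothetical in-memory API that has the two failure shapes described above (any working URL returns its data whether or not you are logged in, IDs are sequential so a loop walks the whole store, and one route lists the admin accounts), next to a hardened version. All routes, names, users and posts here are constructed for the example.

```python
import secrets
import uuid

# Constructed sample store for the example (not real data from any site).
POSTS = {
    1: {"author": "alice", "text": "first post", "deleted": False},
    2: {"author": "bob", "text": "second post", "deleted": True},  # "deleted" flag set, row still served
    3: {"author": "carol", "text": "third post", "deleted": False},
}
USERS = {
    "alice": {"role": "user"},
    "bob": {"role": "user"},
    "root": {"role": "admin"},
    "mod1": {"role": "admin"},
}
SESSIONS = {}  # bearer token -> username, filled by login()


def login(username):
    """Hypothetical helper: issue a random bearer token for a known user."""
    if username not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


# ---- The shape the thread describes: the token is never looked at ----

def vulnerable_handle(path, token=None):
    """Return whatever the URL resolves to; `token` is accepted and ignored."""
    parts = path.strip("/").split("/")
    if parts[:2] == ["api", "posts"] and len(parts) == 3 and parts[2].isdigit():
        post = POSTS.get(int(parts[2]))          # sequential ID, trivially guessable
        return (200, post) if post else (404, None)
    if parts == ["api", "admins"]:
        return 200, [u for u, info in USERS.items() if info["role"] == "admin"]
    return 404, None


def scrape_everything(handler, max_id=1000):
    """The whole "attack" against sequential IDs and no auth: count upward
    until the responses stop. Returns {id: post} for everything handed back."""
    found, misses = {}, 0
    for post_id in range(1, max_id + 1):
        status, body = handler(f"/api/posts/{post_id}")
        if status == 200:
            found[post_id] = body
            misses = 0
        else:
            misses += 1
            if misses > 20:  # crude end-of-range heuristic
                break
    return found


# ---- Hardened shape: authenticate first, unguessable IDs, no admin roster ----

# Random IDs mean the only way to learn one is to be shown it through a
# channel you were authorised for; they are a complement to auth, not a substitute.
HARDENED_POSTS = {str(uuid.uuid4()): dict(p) for p in POSTS.values()}


def ids_by_state(deleted):
    """Helper for the example: post IDs in the hardened store by deleted flag."""
    return [pid for pid, p in HARDENED_POSTS.items() if p["deleted"] == deleted]


def hardened_handle(path, token=None):
    user = SESSIONS.get(token)
    if user is None:
        return 401, None  # not logged in: nothing comes back, not even 404 vs 200 hints
    parts = path.strip("/").split("/")
    if parts[:2] == ["api", "posts"] and len(parts) == 3:
        post = HARDENED_POSTS.get(parts[2])
        if post is None or post["deleted"]:
            return 404, None  # deleted means gone, not "flag set but still served"
        return 200, post
    # No route lists admin accounts at all, for any role: the roster is not
    # a resource the public API should know how to serve.
    return 404, None


if __name__ == "__main__":
    print("vulnerable scrape:", scrape_everything(vulnerable_handle))
    print("vulnerable admins:", vulnerable_handle("/api/admins"))
    print("hardened scrape:", scrape_everything(hardened_handle))
    tok = login("alice")
    print("hardened live post:", hardened_handle("/api/posts/" + ids_by_state(False)[0], tok))
```

Note what `scrape_everything` does not contain: no exploit, no bypass, just a counter. That is the point of the thread; once an endpoint answers without checking who is asking and its IDs are consecutive, downloading the whole site is a for-loop, and rows that were only flagged deleted come out with everything else. The hardened handler fixes it in layers: reject unauthenticated requests before touching any route, treat deleted as absent, and simply not have an admin-listing route rather than gating one.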