Reddit Official App: "I am able to take mod actions on a sub I'm not a mod in." : reddit

526

Reddit Official App: "I am able to take mod actions on a sub I'm not a mod in." (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

cross-posted from: https://lemmy.world/post/1660712

The hits just keep coming.

you are viewing a single comment's thread
view the rest of the comments

[-] [email protected] 21 points 1 year ago

Wish they had gone through with it. The app is just a front-end that sends requests to the server, presumably the server is where authentication happens (otherwise everyone could just pull up dev tools on their desktop and become insta-mods of any sub with a few tweaks). That being said, if it was a server-side bug, then they have a big problem; otherwise it's just little more than a graphical error.

[-] [email protected] 12 points 1 year ago

Broken authorization is absurdly common, especially if they involve graphQl. I wouldn't be surprised if it worked.

this post was submitted on 17 Jul 2023

526 points (99.3% liked)

13591 readers

3 users here now

founded 5 years ago

MODERATORS

[email protected]