1.3.6.1.4.1.61513Mar 18
bunnings trade site in firefox always runs through this login box thats dumped full of json for some reason. what crimes are going on
Show thread1.3.6.1.4.1.61513Mar 18

Looks like it just sets the redirectUri?

{"auth":{"operation":"trade_login","redirectUri":"https://trade.bunnings.com.au/sign-in"}}

Show thread1.3.6.1.4.1.61513Mar 18
I had to scratch that itch. this site has.... vibes
Show thread1.3.6.1.4.1.61513Mar 18
A lot of questions being asked about the "intranet" subdomain
Show thread1.3.6.1.4.1.61513Mar 18
I love that this host just like, has directory listing enabled as well
Show thread1.3.6.1.4.1.61513
I also love that companies just have their uat shit hanging out on the internet
Mar 18 at 2:16amWeb
Show thread1.3.6.1.4.1.61513Mar 18
what if we put our MCP server uri into an openid scope?
Show thread1.3.6.1.4.1.61513Mar 18

"you shouldn't be poking around at this stuff"

hey! it told me to!

Show thread1.3.6.1.4.1.61513Mar 18
this ones just... weird.
Show thread1.3.6.1.4.1.61513Mar 18

anyway, thats how you can find a bunch of interesting things to explore by just googling around for inurl:bunnings / domain:bunnings.com.au

why bunnings? not sure, got distracted.

Show threadCrystaleMar 18
@xssfox thanks, I hate it
Show threadAlesandro Ortiz 🇵🇷🏳️‍🌈Mar 18
@xssfox the emails, they are in the cloud
Show threadMorganMar 18
@xssfox if they don't fuck it all up then they'd be left to just seeing other people doing it!
Show threadDaniel CarosoneMar 18
@xssfox because despite the name, the testers doing user acceptance are not internal users, they're remote contractors.
Show threadColinMar 18
@xssfox You are giving me flashbacks to a project I was on in the 2000s which I might rant at you about if prompted should we ever be in direct ranting range.
Show threadAlexMar 18
@xssfox lol oracle cloud