Hacker Newsnew | past | comments | ask | show | jobs | submit | CharlesChadwick's commentslogin

I'm not too sure about this theory; just went on the DOGE site and the API endpoints don't allow for POST requests, and I can't find anything that allows me to upload


Just checked the DOGE website; I'm not too sure about this theory given that POST requests are blocked and the only APIs you can find (ie. /api/offices) only supports GET requests and if the UUID doesn't match, it 404s.

I don't see any CRUD endpoints for modifying the database


DOGE noticed. They might have "fixed" the vulnerability by now

https://doge.gov/workforce?orgId=69ee18bc-9ac8-467e-84b0-106... is what's linked to by the "Workforce" header, and it now looks different than the screenshots


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: