Tampering with generatorName

I have recently discovered this but apparently you can tamper with the generatorName variable to use another generator’s name despite that it’s a different generator name, in other words, identify that as another generator. This could be used to play with some sort of things that you can’t in a normal circumstance, like accessing the comments from another generator, even from deleted or renamed generators.

@perchance

    • allo@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      8 months ago

      yes i made myself admin using my own password on another generator that i had renamed to yours and accessed the comment section of. tried to delete some of your comments (innocently, lol) and thankfully i was only able to delete them on the copy generator i had made and not on your main comment page. the option to delete did not show up while i was shown as admin of yours. at least Seems not dangerous.

      the gallery thing highly dangerous tho. i have antiprompts preventing people from generating nazi’s, gore, etc in to mine; and i have seen other people do similarly to protect their galleries. the very first gallery i entered perchance on, pretty-ai, is set up this way to prevent child pron with antiprompt against phrases like ‘little kid’. Being able to stick stuff in people’s galleries from afar bypasses this protection and allows trolls to fill anyone’s gallery with anything. And I have seen that trolls love filling people’s galleries with horrid stuff just to hurt them.

      hope @[email protected] is eventually reached because i see the possibilities in this weakness and it bad. like horrible gaping hole of unprotection style weakness. no ability for gallery admin to moderate + bypass prompt barriers from afar and stick stuff in people’s galleries. im just repeatedly mentioning @[email protected] because it seems bad enough that idk how it couldn’t be a thing to fix

      maybe if we ping @[email protected] sevenhundred million times they will realize there is something unusual up today and check it out.

      i, from here, https://perchance.org/who-am-i , stuck the middle image in to the gallery of here https://perchance.org/beautiful-people

      • VioneT@lemmy.worldM
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        8 months ago

        I guess as long as it doesn’t affect the original, and just ‘copies/mimics’ the original it is alright. But abusing it and ‘impersonating’ is one of the things that could happen.

        EDIT: Upon changing the generatorName in a text-to-image-plugin with gallery, I was able to push an image to it and save into the gallery from another URL. - this use case could be abused.