₦airaland Forum


Stats: 3,324,986 members, 8,419,835 topics. Date: Thursday, 04 June 2026 at 01:04 AM


Taofeeq137's Posts


Jobs/Vacancies / Re: Pay Per Comment Bumped To 13NGN by taofeeq137(m): 5:44pm On Dec 30, 2025
NairaX:
First, running active attacks against a live platform under the guise of “vulnerability scanning” is illegal without authorization.

Second, while you may think you’re making progress, you’re not. Your attempts have been unsuccessful. Our systems, content, rewards logic, and—most importantly—user wallet balances remain completely intact and unchanged.

We detected the activity early and took immediate action to neutralize it. You’ve already been disabled.

Let this be clear: do not attempt to interfere with user wallets or financial flows. That is a hard boundary. Any further attempts will trigger a response.

This is your warning. Don’t push it.

Before Abraham was, Jesus is.

Thank you.
Lol, and like VDM always says, you'll learn and you'll learn the hard way... There are at least 10 vulnerabilities on your platform, I only showed you one of them, and filtering for gmail isn't the immediate action to neutralize that you think it is.

But like I said earlier, there are so many vulnerabilities on your platform! IT IS NOT READY FOR PRODUCTION!

Save your 13 Naira per person, go offline, get a cybersecurity analyst to work with!
If you refuse, I'll make sure you fix each and every vulnerability by force while you are online!!!
Jobs/Vacancies / Re: Pay Per Comment Bumped To 13NGN by taofeeq137(m): 2:01pm On Dec 30, 2025
...
Jobs/Vacancies / Re: Pay Per Comment Bumped To 13NGN by taofeeq137(m): 10:51am On Dec 30, 2025
NairaX:
Just to clarify a few things here.

Vite is only being used as a bundler/dev server, not as a framework choice that defines the app’s security model. The app itself is plain vanilla JS, not React-driven logic on the backend.

Guest users cannot interact in any meaningful way — they can’t earn, vote, or affect rewards. Guest creation exists purely for read-only exploration and UX onboarding, nothing more.

All real interactions and earnings require full registration, and that route is email-validated and server-side enforced. Client-side IDs (including guest UUIDs) are never trusted for privileged actions.

So even if someone spammed /create-user with fake guest IDs, it doesn’t translate into earnings, voting power, or economic impact on the platform.

That said, you’re right in principle: public endpoints should always assume hostile traffic. Rate-limiting, bot detection, and CAPTCHA (Cloudflare Turnstile specifically) are already on the roadmap for guest-related endpoints as the platform scales.

Appreciate you taking the time to look through it.
Okay, cool, if you feel it's secure, all good, done my part. Cheers. I'll check back in a few days, if I still see the vulnerabilities I'll have no choice but to make them all public. Cheers
Jobs/Vacancies / Re: Pay Per Comment Bumped To 13NGN by taofeeq137(m): 7:23am On Dec 30, 2025
I just checked your webapp, and I can see you have written it using React Vite. There are lots of vulnerabilities on it at the moment that anyone with knowledge of Python can just take advantage of and bump up their earnings or spam the webapp with bot posts.

I'm willing to discuss if you're interested in my findings.

One of many vulnerabilities is:

Guest Account Flooding ("Smurfing")
You defined a function Oi() that generates a guest ID.
The Code Logic: It generates a crypto.randomUUID() client-side and saves it to localStorage. It then sends this to /create-user along with browser info derived from the bt (UA-Parser) variable.

The Exploit: An attacker can generate millions of UUIDs locally and fire requests to /create-user using curl_cffi. They can cycle through User-Agent strings (which curl_cffi supports easily) to make it look like 10,000 different Android phones are signing up.

Result: They can create a botnet of "Guest" users to upvote content (ea function) or manipulate polls.


Immediate Defense for this, SET UP CLOUDFLARE CAPTCHA AT THIS '/create-user' ENDPOINT, pretty easy and fast to do
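
The defence recommended in this post, combined with the rate limiting and server-side enforcement mentioned in NairaX's reply, as an added example (not NairaX's code and not part of the original posts). Handler and helper names are hypothetical; only the Turnstile siteverify URL is Cloudflare's documented endpoint.

```javascript
// Added example: server-side guard for a guest sign-up endpoint such as /create-user.
// All function names are hypothetical; only the siteverify URL is Cloudflare's.
const crypto = require('node:crypto');

const TURNSTILE_VERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';

// Ask Cloudflare whether the token the browser submitted came from a solved challenge.
async function verifyTurnstile(token, remoteIp, secret) {
  const res = await fetch(TURNSTILE_VERIFY_URL, {
    method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ secret, response: token, remoteip: remoteIp }),
  });
  return (await res.json()).success === true;
}

// Sliding-window limiter: at most `max` attempts per key within `windowMs`.
// Keyed on the connection's IP, never on a header the client controls.
function makeLimiter(max, windowMs) {
  const hits = new Map();
  return (key, now) => {
    const recent = (hits.get(key) || []).filter((t) => now - t < windowMs);
    const allowed = recent.length < max;
    if (allowed) recent.push(now);
    hits.set(key, recent);
    return allowed;
  };
}

// `verify` is injected so the handler can be exercised offline; in production it
// would wrap verifyTurnstile with the site's secret key.
function makeCreateGuestHandler({ verify, limiter, now = Date.now }) {
  return async function createGuest({ ip, turnstileToken }) {
    // Every attempt counts against the limit, including ones that fail the CAPTCHA.
    if (!limiter(ip, now())) return { status: 429, error: 'rate_limited' };
    if (!turnstileToken || !(await verify(turnstileToken, ip))) {
      return { status: 403, error: 'captcha_failed' };
    }
    // The guest ID is issued here; a client-supplied UUID or User-Agent is not
    // used to decide anything.
    return { status: 201, guestId: crypto.randomUUID() };
  };
}
```

Because the ID is minted server-side only after the challenge and the rate check pass, locally generated UUIDs and rotated User-Agent strings no longer create accounts on their own.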
Art, Graphics & Video / Created A Webapp That Helps Film Directors Create Shotlists In Minutes Not Weeks by taofeeq137(op): 1:40pm On Sep 07, 2024
Film Directors and Cinematographers in Nollywood can relate with how long and stressful it takes to make a shotlist for your film, at least for people like me that love to shoot with a shotlist.

I made this web app, https://shotter.live, to help me solve that problem, you might find it useful too, try it out.

The app uses AI to break down a film script in PDF format and returns shots for the scenes.

I also made it a lot easier to add image references to the shots


NOTE: I ONLY MADE IT RESPONSIVE FOR DESKTOP FOR NOW, MOBILE SUPPORT IS STILL IN PRODUCTION.

Test it out while it’s free at the moment.
Tech Jobs / Re: Gokada Like App Needed by taofeeq137(m): 4:35pm On Dec 09, 2022
medube:
Hi everyone,

I'm looking to create an app like what the likes of Gokada, Bolt, etc have which has 2 ends, one for the customer and one for the vendor. An app which will tie customers to vendors for a particular service.

If interested and can do what I want, send me an email to aouad.fouad@gmail.com

Thanks.
So, you have 2 options, an app with real-time map update (very expensive, cos you have to pay Google for every 1 second ping to their server to update rider location)

Or just an app that would connect riders to customers (you can create this in Adalo, very easy to do)
Business / Re: Starting Your Own Logistics/ Delivery Outfit With Less Than 300k by taofeeq137(m): 4:19pm On Dec 09, 2022
JejeIsLife:
please if you have a bike for sale, let me know oooo

I have 300k I want to buy a delivery bike such as Qlink, where can I get it
Check Jiji

Were you able to buy the bike and start the business?
Autos / Re: All Motorcycles Prices; Bajaj, TVS, Lifan, Carter, Honda,Qlink, Jincheng Prices by taofeeq137(m): 8:24pm On Dec 07, 2022
Chinonso1000:
N375,000
How can I see pictures please
Politics / Re: 5000 APC Members Defect To PDP In Kwara State by taofeeq137(m): 8:19pm On Dec 07, 2022
HOB777:
These bikes are available in Lagos for your lucrative logistics/delivery business or personal use at #450k each. It's 4 months old and in perfect working condition.
Call or WhatsApp - 08035499009 for purchase as many as you want while stock last.
Sample available in Lagos.
For large purchase inspection- Warewa,Obafemi-Owode LG, Ogun.

Bike description:
Bajaj Pulsar 220F Key Specs
* Displacement – 220 cc
* Maximum Power – 20.64 Bhp @ 8500 rpm
* Maximum Torque – 18.55 Nm @ 7000 rpm
* Number of Cylinders – 1
* Number of Gears – 5
* Seat Height – 795 mm
* Ground Clearance – 165 mm
* Kerb/Wet Weight – 155 kg
* Fuel Tank Capacity – 15 litres
* Top Speed – 134 kmph
Selling: 450k
Don't miss this opportunity, it's rare.
Do you only have these in Yellow? Also, can it go for 350k/380k?
Business / Re: Don't Miss Out by taofeeq137(m): 7:31am On Dec 07, 2022
I’ll love to get this, but I only have 350 at the moment
Autos / Re: Find New Bajaj Bike Prices, Models, Specification At Droom Discovery by taofeeq137(m): 6:54am On Dec 07, 2022
letsdroom:
Bajaj Auto is a step ahead in comparison to other motorcycle brands as it is designing, manufacturing, and selling motorcycles which are fulfilling the needs of every user – from economical to high-end demand. The company has manufactured many entry-level bikes which every bike lover would want to ride. Bajaj has launched many motorcycle models in the country among which Dominar, Pulsar, Avenger, V, Discover, Platina and CT100 are the famous and running models. We have various New Bajaj bike models for sale in India. The lowest priced model Bajaj Ct 100 starts at ₹ 34.93 K (ex-showroom price) and the highest priced model Bajaj Pulsar Ss starts at ₹ 1.99 Lakh (ex-showroom price). If you want to Choose the best Bajaj bike from our comprehensive list and check the prices in your city, images gallery, specifications, ratings please visit our website : https://www.droomdiscovery.com/new-bikes/bajaj
Can these be gotten in Nigeria?
Phones / Re: Faulty Screen Or Icloud Locked Iphone X,xr,xs Needed For Swap Or Buy by taofeeq137(m): 8:14am On Nov 06, 2022
Thewaves:
What do you want to use an iCloud-locked 11 Pro for?

Do they unlock them?
I want to test a motherboard theory
Technology Market / Re: Post Your Scrap/dead/faulty Phones For Sale Here by taofeeq137(m): 4:54pm On Nov 05, 2022
anex4real1:
iPhone 11 iCloud lock for sale
Still available?
