this post was submitted on 01 Sep 2025
52 points (89.4% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

64266 readers
738 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):

🏴‍☠️ Other communities

FUCK ADOBE!

Torrenting/P2P:

Gaming:

💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
db0@lemmy.dbzer0.com
sunbrothersco@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
Andromxda@lemmy.dbzer0.com
CosmicTurtle0@lemmy.dbzer0.com
tenchiken@lemmy.dbzer0.com
unruffled@anarchist.nexus
52
Who is dab.yeet.su (lemmy.dbzer0.com)
submitted 2 weeks ago by 10x10@lemmy.dbzer0.com to c/piracy@lemmy.dbzer0.com
22 comments fedilink hide all child comments
 

This is such a great music service but I'm wondering who is behind it and why they provide it? It must be costing them something to host the site. Interesting that Cloudflare stats show its biggest user base is India.

you are viewing a single comment's thread
view the rest of the comments
[–] BlueRingedOctopus@lemmy.dbzer0.com 7 points 2 weeks ago (2 children)

It gives you literal FLAC files, how are they gonna be malicious!?

People need to stop over analyzing things, its just a qobuz ripper, people who want to help the community provide them with Qobuz tokens that don't expire as often as Deezer, now they just rip from Qobuz on your request, as simple as that. Firehawk is also building a similar site from scratch.

[–] chirping@infosec.pub 1 points 3 days ago

Well it's both possible, and has been done. both with mp3s and FLAC, not too long ago. It's not the format itself, but rather the applications parsing the files that are the target.

CVE-2023-37327: A remote code execution vulnerability in GStreamer’s FLAC file parser caused by an integer overflow. Carefully crafted FLAC files could exploit this flaw to run arbitrary code on the target system

https://nvd.nist.gov/vuln/detail/CVE-2023-37327#%3A%7E%3Atext=GStreamer+FLAC%2Ccode+on

[–] Coopr8@kbin.earth 6 points 2 weeks ago (1 children)

I mean, a website where you make requests to download many files are pretty ripe for a bate and switch scenario. That said, I'm looking for more cybersecuroty savvy folks than myself to chime in with the all-clear after doing some actual checks and analysis.

[–] ArcaneSlime@lemmy.dbzer0.com 4 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

bate and switch

Is that when you use your left hand?

[–] Coopr8@kbin.earth 2 points 2 weeks ago (1 children)

Lol, yep, then do a malicious redirection attack after getting a large user base which forces a drive-by-download of a malware package alongside the requested FLAC file.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 2 weeks ago (1 children)

(The joke was: you mean "bait and switch." "Bate" is short for "masturbate.")

[–] Coopr8@kbin.earth 1 points 2 weeks ago

Yes, I know, thats why I lol'ed