Learn to Code via Tutorials on Repl.it!

← Back to all posts
The safety of replit. Is replit really as safe as people think?
HackermonDev (2020)

Before I start this, I just wanted to say, this isn't mean to scare you into not using repl.it and I am just staying some security things they need to fix. I'll probably get banned or get a warning from this post but it is worth it.

The Safety of Replit


There are a lot of bugs on repl talk that people barely notice or thing about. The first thing is images. Everyone knows that you can easily link images however you want on a post on repl talk. But have you ever thought of not linking an image but something else instead. This is my first example. By visiting this post I just logged you out of your replit account. You should be able to easily guess how this works. So basically I attached an invalid image up above. Repl.it doesn't verify whether that is a real image or not and just tells your browser to request it. Your browser sends a request to https://repl.it/logout and it logs out out. (Feel free to log back in lol)


The second thing I want to show you is how I can easily get your IP address. Now before I do this I just wanted to say that I am not logging it in anyway and all it is doing is displaying a image (the repl that is doing it is below this post and is public). The image below shows your IP address (IPv6 or IPv4).


It is very easy how I bypass the repl proxy things. I used CloudFare nameservers and CloudFare sends me a header telling me what IP connected to my website and then I used an text to image api to display the image.

If I can easily do this, why cant other people do it? In fact, other people may have already done it and someone else might already have your IP.

Edit: Looks like they fixed it :)

CodingCactus (4355)

the ip picture doesn't work, and i just use an ad blocker for that logout thing

Bookie0 (6258)

report to feedback I guess?

wait test