Experts, please tell me: if postrequests with different contents come in from the same IP at the same time, how are they basically handled?
🚨On April 13, 2026 at 03:55:23 UTC, a helper contract deployed by the attacker used Hyperbridge's @hyperbridge Ethereum-side ISMP message path to deliver a forged governance-style PostRequest into TokenGateway through HandlerV1.handlePostRequests(...). 💡The exploit is best classified as an access-control failure at the proof-validation boundary. More specifically, HandlerV1 accepted a malicious cross-chain request as authentic because the attacker abused an index-handling flaw in the Merkle Mountain Range proof verifier: the forged request was submitted with a crafted leaf/proof combination that caused the verifier to accept the stored overlayRoot without actually binding the forged message commitment into the computed root. As a result, a fake request claiming to originate from Hyperbridge governance (POLKADOT-3367) passed validation and was dispatched downstream as trusted input. Once delivered to TokenGateway, the forged payload was decoded as a ChangeAssetAdmin action for the bridged DOT asset. Since the gateway’s governance path trusted any request whose source matched host.hyperbridge(), it executed changeAdmin(...) on the ERC6160 DOT token and reassigned admin rights to the attacker helper. That immediately gave the helper effective mint authority, allowing it to mint 1,000,000,000 DOT, approve the Odos router, and dump the full balance through Odos / Uniswap v4 swap infrastructure for 108.206143512481490001 ETH, which was then forwarded back through the attacker’s contracts to the EOA. 👇More concrete vulnerable code snippets are shown below.
🚨 GoPlus Security Alert: -99% Crash ❗ @hyperbridge’s Gateway contract on Ethereum was exploited via a forged cross-chain state proof attack. The attacker maliciously minted 1 billion DOT and dumped it on-chain, extracting approximately $237K in profit. The attacker bypassed verification by forging ISMP state proofs, submitting a malicious PostRequest to HandlerV1, and executing the ChangeAssetAdmin operation to transfer minting authority to a contract under their control. The attacker then minted 1 billion DOT and rapidly swapped it into 108.2 ETH (~$237K) via Odos Router Uniswap V4 before withdrawing the funds. Attack transaction: etherscan.io/tx/0x240aeb9a8b… Attacker address: 0xC513E4f5D7a93A1Dd5B7C4D9f6cC2F52d2F1F8E7 Affected token: DOT (Relay Chain) - 0x8d010bf9C26881788b4e6bf5Fd1bdC358c8F90b8 Following the attack, the price of bridged DOT on Ethereum collapsed instantly (from ~$1.22 to ~$0.009), while native DOT on Polkadot showed only minor fluctuations.
Replying to @PovilasKorop
C but using Request DTOs, so: Auth::user()->posts()->create($postRequest); where postRequest is a proper typed object which is validated at the point it reaches the controller.
It’s official gift by the Manager.. #fanrequest #postrequest #SUSHEELA #sundayvibes
21 Feb 2023
Using the SQL injection vulnerability we detected, we could access all tables and data in the database. Read more 👉 securityforeveryone.com/blog… #ServesEducationInstitutions #WebBasedApplicationDeveloped #SqlInjectionVulnerability #OpenSolutions #PostRequest #Find0Days

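Sharing my work report for the Laravel joint development project. 11/1 ■ Up to the re-submitted pull request for the posting feature: I applied validation and wrote the Controller side for after a post is submitted. To change the validation messages, I entered the messages in PostRequest, but validation.php seems to take priority. #プログラミング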
postrequest / link: link is a command and control framework written in rust ★301 github.com/postrequest/link

postrequest/link: link is a command and control framework written in rust #Cybersecurity #infosec #security github.com/postrequest/link

26 Oct 2021
#postrequest #cocktribute, beautiful gf I got to tribute, absolutely stunning!
postrequest / link: link is a command and control framework written in rust ★122 github.com/postrequest/link

8 Jun 2021
@noraj_rawsec added some tools to the inventory: ✨ CTFNote @FlatNetworkOrg ✨ link by postrequest ✨ Interactsh by @pdiscoveryio inventory.raw.pm/
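My milestone 100th post is coming up soon! I personally think this one is quite practical. I explain how to post KNIME execution-completion notifications to Teams. #KNIME #ETL #自動化 #Webhook #PostRequest #Nocode #ノーコード #はてなブログ KNIME - Posting execution-completion notifications to Teams / Slack… degitalization.hatenablog.jp…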

D22 More API Project Work! #postrequest #mongoose #dbs #100DaysOfCode
14 Oct 2020
Making GET requests is easy. Just type the URL in the browser and you are good to go! But what about POST requests? We have come up with a free browser-based tool just for POST requests. metamug.com/post-tester/ #API #postrequest #http #apitestingtool #100DaysOfCode #json
4 Aug 2020
Another great opportunity for control validation (or not): GitHub - postrequest/xeca: PowerShell payload generator github.com/postrequest/xeca
