Hi every body
take a look here ;)
http://www.domain.tld/forum/index.php?action=helpadmin%3bhelp=THIS%2520SITE%2520HaCKED%2520BY%2520EVERYTHING%2520@%2520EVERYTHING.com
we have this problem in every SMF version
i mean 1.1.4 and older...
just replace the "domain.tld" with your desire SMF forum & change the continue sentence
...
HACKED!!!
please do something about this
Thanks
Indeed this was reported before. http://www.simplemachines.org/community/index.php?topic=189591.0
All they can do is add text. The text is escaped so they can't hack/expoit your site.
See the last post on the above link where I posted a fix for it.
Would be nice if this got added to the bug tracker so even thought its not a security risk, it still needs quashing.
Okay!
thanks for your fast response
but this bug was reported on previous version "1.1.3"
why didn't Simplemachines didn't do any action in new release?
Thanks
it may have got missed.
I've got no idea. Hopefully this time it will get added to the bug tracker.
Its more of a feature than a bug.
I don't remember the developers reasons but they coded it purposely so you could do this. This is why it is cleaned up before it allows it ;)
afaik the the helpadmin is part of the 'admin' for the popup question mark for help. This does not as far as i remember show up outside of the admin.
Therefore would it be prudent to make it 'admin only'. (even if just for the last bit)
the link can be used outside admin help. But this poses no threat at all. You can't do anything with it besides make it say cool things :P
Linky :P (http://www.simplemachines.org/community/index.php?action=helpadmin;help=SleePy%20rocks)