News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Found a Security Risk!!!! In SMF Shop!!

Started by Chirantha, December 08, 2005, 12:15:05 PM

Previous topic - Next topic

Chirantha

Hi,

I was wondering and looking at the SMF Shop Mod (1.3) code and I found a security risk were people eran points easyly. I know how to fix this and I have fixed my forums :D.

Shall I post the problem here? I don't think posting the problem here would be nice because people might use it on un-upgraed Shops.

Contact me or PM me to fix this problem. Only thing I should avice to you'll turn off the point system for now it an very open security problem.

Set the

Points per post =0
Points per topic = 0
Back Intetrest =0

^That should help you avoide the security problem

(Hint:  I got over 100000 points lol)

Thank you,
Chirantha

1MileCrash

figuring out how to earn points is a security risk?

why not just pm the mod's author?
The only thing php can't do is tell you how much milk is left in the fridge.



Chirantha


1MileCrash

The only thing php can't do is tell you how much milk is left in the fridge.



Saku


Chirantha

Quote from: Sakuragi on December 08, 2005, 01:53:50 PM
Quote from: Sakuragi on November 30, 2005, 09:54:29 AM


Bug : You must modify the name of dointerest.php, if not the members can add the interests when they want.
http://www.site.com/forum/Sources/shop/dointerest.php

Hum... That's not going to work because I can use a spider tool to serch the site and locate the file and then execute it

Advertisement: