AAO25.com

Assist => Support => Topic started by: Petrol on Friday, January 03, 2014, 13:37:57 PM

Title: Shoutbox security issue :)
Post by: Petrol on Friday, January 03, 2014, 13:37:57 PM

Deer Damn Admins.
I would like to inform that you have mad another terrible security fail.

The problem is that shoutbox posting script /stats/proces_shout_assist.php inst enough secure for unauthorised post send. In cause of this it is possible to send message signed by name of someone who actually is playing.

Title: Re: Shoutbox security issue :)
Post by: Spanky on Friday, January 03, 2014, 13:40:51 PM

I don't see the part where you suggest a fix.

Title: Re: Shoutbox security issue :)
Post by: Petrol on Friday, January 03, 2014, 13:44:28 PM

I'm sorry, I've forgotten to write it and I'll do it in folowing lines.

I think that if you want to fix it you should use this device:
(https://aao25.com/forum/proxy.php?request=http%3A%2F%2Fi43.tinypic.com%2F5x0oz6.jpg&hash=1ee70ee5a0637e3998ce7097e2a4b8bf)

Title: Re: Shoutbox security issue :)
Post by: Spanky on Friday, January 03, 2014, 13:44:50 PM

Thanks for the help.

If you actually want to be helpful instead of just exploiting and trolling, use the PM system.