Hijacking reactions
System_Error
New
in Feedback
WTF
In another forum that I am on, there have been lots of people hijacking eliminated reactions like this.
6
Comments
Please supply more information. You may be using the hosted version? What reactions are you referring to?
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Like
Looks like someone hijacked the JavaScript for that and could have injected it in a post. Look for suspicious posts and delete them. Disable reactions if you can until you have found the cause.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
<a class="Hijack ReactButton ReactButton-WTF" href="/react/comment/WTF?id=178264" title="WTF" rel="nofollow"><span class="ReactSprite ReactWTF"></span> <span class="ReactLabel">WTF</span></a>
It's just HTML
LMAO !
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
It was figured out by looking into the HTML code.
Disagree
http://battlebears.vanillaforums.com/
And using the eliminated reactions was banned.
Do you want to know how to block it?
Do you have HtmLawed enabled?
Check your config to see what you have for this:
$Configuration['Garden']['Html']['SafeStyles'] = TRUE; // disallow style/class attributes in html to prevent click jacking
You can add more stuff to block here in the class.htmlawed.plugin.php
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
How did you guys add the disagree reaction to vrijlinders posts?
I will pass this on to the powers that be.
grep is your friend.
The same way I added Like to this post, I am sure they used more code to make it come up under the posts.
I think the editor needs to be locked down for this stuff
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Lol, the script kiddies are out in force today. At the end of the day, a simple dynamic link/nonce would be sufficient for reactions. No need for high end verification.
fap fap fap do the script kiddie shuffle
grep is your friend.
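The dynamic link/nonce idea from the post above, as an added example that is not code from this thread or from Vanilla: the reaction href carries an HMAC bound to the viewer's session, so a link copied into a post fails verification for anyone else who clicks it. The `tk` parameter, the secret and the session ids are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed value for illustration; a real deployment loads the secret from config.
SERVER_SECRET = b"constructed-demo-secret"


def _token(session_id: str, path: str, record_id: str) -> str:
    """HMAC over the viewer's session and the exact action being linked."""
    msg = "\n".join((session_id, path, record_id)).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def reaction_url(session_id: str, record_type: str, reaction: str, record_id: int) -> str:
    """Build the href rendered into the page for one logged-in viewer."""
    path = f"/react/{record_type}/{reaction}"
    # "tk" is a hypothetical parameter name chosen for this example.
    query = {"id": str(record_id), "tk": _token(session_id, path, str(record_id))}
    return f"{path}?{urlencode(query)}"


def verify_reaction(session_id: str, url: str) -> bool:
    """Accept the request only if the token matches the requesting session."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    record_id = params.get("id", [""])[0]
    supplied = params.get("tk", [""])[0]
    expected = _token(session_id, parts.path, record_id)
    # Compare as bytes in constant time; a missing token never matches.
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    alice, bob = "sess-alice-constructed", "sess-bob-constructed"
    link = reaction_url(alice, "comment", "WTF", 178264)
    print(verify_reaction(alice, link))  # link rendered for the viewer who clicks it
    print(verify_reaction(bob, link))    # same link pasted into a post, clicked by someone else
    print(verify_reaction(bob, "/react/comment/WTF?id=178264"))  # bare link as quoted in the thread
```

Because the path and record id are part of the signed message, editing the reaction name or the id in a valid link also invalidates the token.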
Also, are there emoticons enabled here? Because I used the HTML to be able to use emoticons in PMs, which was previously never done on the forum that I'm on.
= <span class="Emoticon Emoticon39"></span>
Edit: Nope, I'll have to get the plugin embedded in the post.
So does this mean that people are going to be allowed to give each other likes and other reactions by hijacking the react buttons and posting them, or just hacker boy? I missed out on the likes. When did that stop and why?
It was superseded by the awesomes and the insightfuls, to fine tune the like as to whether you liked it because it was awesome or because it was insightful. So would this be an awesome answer or an insightful answer? Probably insightful in my book. I tend to think of awesome - "wow you helped me" or "that looks great" or "you're gonna add a new this or that" and I think of insightful as "I never thought of that" or "that looks interesting". So, in summary, "Likes" were yesterday's answer to today's "awesome and insightful". And when you are "speechless" or "something tickles your funnybone" or "you want to add a point" - lol comes in handy.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Add Pages to Vanilla with the Basic Pages app
Storm in a teacup. It will get fixed, it is not like it is going to shake the core of the earth.
grep is your friend.
This is interesting, going to read about this.