Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

whisper security problem

onetwentyeightonetwentyeight
edited March 2007 in Vanilla 1.0 Help
hey.. one of my forum members discovered this, im just going to copy/paste him verbatim. This should definitely be dealt with.

"If you click the "quote" link next to any post, then change the comment ID in the URL, you can view comments that do not belong to you. I guess the quote script needs to have a security check added to it."

Comments

  • DinoboffDinoboff
    edited March 2007
    There is a fix for the ajaxquote extension. http://lussumo.com/community/discussion/4353/security-issue-with-ajaxquote/#Item_10
  • onetwentyeightonetwentyeight
    ah in the latest version? thanks. ill update now.
  • onetwentyeightonetwentyeight
    ohh i see. got it fixed. thanks!
  • DinoboffDinoboff
    I don't know... I tried to contact the author, but no answer. Then Minisweeper was suppose to update it for him, but a permission problem stopped him to do it. I don't know if it have been updated since.
This discussion has been closed.