JSON databases for developer addons
I have built software that allows users who build plugins to store data more easily. This uses PHP and a JSON database to store and read data, along with creating tables and more...
Here's how to add it...
- Go to your plugin that you want to add
- Download PPDB.zip and extract it inside the plugin.
- Then go to the file you want the software to store data and type
- and then read the documentation to see what you can do to store data
Hope you guys enjoy using this addon for the future addons that you make!
This library is a security nightmare and should be used by absolutely no one.
PPDB::encrypt is just the openssl_encrypt function to encrypt data, so if you like judging projects without looking, then why judge?
I did look. It took me 90 seconds to find half a dozen security vulnerabilities. You've got SQL injections, reflected XSS vectors, and CSRFs in there and I barely started looking. It would take about 5 minutes to take control of a website using that.
Well, I guess I learn too well then...
How would you know it will take 5 min. to take control of the webpage? Have you done it before?
But to be honest: I haven't checked if those are sanitized before. I was more frightened by the fact that the files can be written and read everywhere in the file system.
Moreover, it's not relevant for Vanilla. I can't think of any use case
I'm the person who set up and ran Vanilla's HackerOne security bug bounty campaign for many years, which means I watched hackers try to break it every day in ways I'd never considered, even after 15 years of PHP experience and considerable security training. So, I've seen some stuff and have a keen sense for broken code.
I suggest not publishing any more code for others to use until you've studied PHP security a bit. This is a fine starting place: https://phptherightway.com/#security
just like your mom