Re: Warning: Potentially serious security issue if you use jsConnect and reinstall your site.
Re: Warning: Potentially serious security issue if you use jsConnect and reinstall your site.
Bingo! The ForeignUserKey is the culprit. The master website passes 3 as the User ID (which is the site's internal User ID). That matches an existing User, which is overwritten. Why does it happen now, and it didn't happen before? The master website has been moved to another server and reinstalled completely from scratch.…
Re: Warning: Potentially serious security issue if you use jsConnect and reinstall your site.
@Lincoln That's not the case. Both User Name and Email are completely unique. I reproduced the issue for the first time, and, for some reason, User ID 2 gets overwritten with new data. Before this happens, the existing Users are the following:
- Admin. ID: 1, email: admin@xyz.com
- Steve. ID: 2, email: steve@xyz.com
-…
Re: Warning: Potentially serious security issue if you use jsConnect and reinstall your site.
My User ID (Super Admin) is 1, and the Admin column in User table is zero for the new User. Tables haven't been touched by anyone except Vanilla itself. One more interesting finding, which clarifies what may have happened, but not why: I have some Users created by JsConnect with ID 4, 5 and 6 (6 was the highest User ID in…
4 results