Serious problem with Privacy Settings!

I decided to capture some screenshots because it's much easier than explaining everything in words.

Picture 1. I log in and see the list of default privacy groups on my privacy page.

Picture 2. I log out and then I type in mysite.com/member_privacy.php. Anyone can go there!

Picture 3. Ah!  I see a list here and I can delete them without having to log in.  I'm a bad guy :)

Picture 4. I log in and go to my privacy page.  All the default privacy groups are gone!

Picture 5. Yep!  All gone.  All members can't use the default privacy groups anymore.  :(

This definitely needs to be fixed. You should test this yourself and see what I mean. Make sure you back up your database. :)

Quote · 23 Nov 2009

WOW, you're right (tested and confirmed!). This is a huge security hole in the entire site, and a new overlook needs to be conducted immediately to find other similar bugs.

It is amazing that the site's entire privacy settings can be changed by anyone who knows the URL.

Boonex, this issue is priority one and needs to be fixed immediately. Do not let the issue lag in a queue; we need a fix today.

Quote · 23 Nov 2009

lol, such a big hole! Scary, isn't it?

Eli

Proud Hosted by Zarconia.net
Quote · 23 Nov 2009

I'm not able to test this right now, but looking at the member_privacy.php file, it is supposed to check whether you're logged in:

check_logged();
$iId = isset($_COOKIE['memberID']) ? (int)$_COOKIE['memberID'] : 0;
$oPrivacyView = new BxTemplPrivacyView($iId);

Now, since this is cookie related, someone please try it like this:

Clear all browser cookies (if in FF click Tools>Clear Recent History). Also make sure that you have Active Logins checked. I would like to see if you could still navigate to that page as if you have never logged in or visited the site before.


Even if you cannot, members should not be able to delete ANY Privacy settings without permission.

Nothing to see here
Quote · 23 Nov 2009

I'm not able to test this right now, but looking at the member_privacy.php file, it is supposed to check whether you're logged in:

check_logged();
$iId = isset($_COOKIE['memberID']) ? (int)$_COOKIE['memberID'] : 0;
$oPrivacyView = new BxTemplPrivacyView($iId);

Now, since this is cookie related, someone please try it like this:

Clear all browser cookies (if in FF click Tools>Clear Recent History). Also make sure that you have Active Logins checked. I would like to see if you could still navigate to that page as if you have never logged in or visited the site before.


Even if you cannot, members should not be able to delete ANY Privacy settings without permission.

Chris, where do I have to insert that code?

Thanks

Eli

Proud Hosted by Zarconia.net
Quote · 23 Nov 2009

I understand, zarcon. Boonex should have added that to that page.

Quote · 23 Nov 2009

Eli,

the code is already there. You do not have to do anything with it :)

@patrick81, are you saying that when you cleared your cookies you were NOT able to get to that page and do that again? Just trying to clarify.

Nothing to see here
Quote · 23 Nov 2009

I just checked the member_privacy.php file and guess what, that code is not working. :) I even cleared my own cookies and I can still get to that page. Not good.

Quote · 23 Nov 2009

I just checked the member_privacy.php file and guess what, that code is not working. :) I even cleared my own cookies and I can still get to that page. Not good.

The same here! Honestly, thank you Patrick for letting us know about it!

It's a worry !

Eli

Proud Hosted by Zarconia.net
Quote · 23 Nov 2009

Awesome find, Patrick.. I just tested this on their own demo.. NOT GOOD AT ALL

http://demozzz.com/dolphin7b/member_privacy.php

********* This needs to fixed IMMEDIATELY ***********

Chris

EDIT: What bothers me more is not knowing just what other settings pages you can get to without logging in!! AHHHHHHHH

Nothing to see here
Quote · 23 Nov 2009

Issue goes deeper.

If you click on the + or - buttons to add members to that privacy group, you can start searching all the members in the database. Add everyone to a privacy group that is banned, lol, what a hacker's dream..

Should we disable all members on the demo site into a dump privacy group to get their attention on this?

Quote · 23 Nov 2009
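The two posts above (the member_privacy.php snippet that takes the acting member from the memberID cookie while check_logged() does not stop the request, and the follow-up about the +/- buttons letting anyone add members to a privacy group) describe one missing control: every state change on a privacy group must be tied to a server-side session and to ownership of the group. The Python below is an added model of that pattern, not Dolphin's PHP and not the fix from the changeset; the Site class, the sid cookie, the csrf parameter, the group IDs and the member ID 42 are all constructed for this example.

```python
# Added example (Python model, not Dolphin's code): the member_privacy.php
# pattern from the thread, where identity comes from a client-controlled
# memberID cookie and the page works logged out, beside a hardened handler
# that binds identity to a server-side session, requires POST plus a CSRF
# token, and checks ownership of the privacy group before any change.
import secrets
from dataclasses import dataclass, field

SITE_DEFAULT = 0  # owner_id of the default groups every member relies on


@dataclass
class PrivacyGroup:
    gid: int
    owner_id: int
    name: str
    members: set = field(default_factory=set)


@dataclass
class Request:
    method: str
    cookies: dict
    params: dict


class Site:
    """In-memory stand-in for the database and the session store (constructed)."""

    def __init__(self):
        self.groups = {
            1: PrivacyGroup(1, SITE_DEFAULT, "Friends"),
            2: PrivacyGroup(2, SITE_DEFAULT, "Members"),
            3: PrivacyGroup(3, 42, "Family"),  # private group owned by member 42
        }
        self.sessions = {}  # opaque session id -> member id, server side only

    def login(self, member_id):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = member_id
        return sid

    def csrf_token(self, sid):
        # Per-session token; a real app stores a random value in the session.
        return "csrf-" + sid[:16]


def vulnerable_delete(site, req):
    """Mirrors the posted snippet: nothing stops an anonymous request and the
    acting member is whatever the memberID cookie says (0 when absent)."""
    member_id = int(req.cookies.get("memberID", 0))
    gid = int(req.params.get("id", 0))
    site.groups.pop(gid, None)  # deleted regardless of member_id, even 0
    return 200


def authorize(site, req, gid):
    """Shared gate for every state-changing privacy-group action.
    Returns (status, group); status 200 means the caller may proceed."""
    member_id = site.sessions.get(req.cookies.get("sid", ""))
    if member_id is None:
        return 403, None  # not logged in: no valid server-side session
    if req.method != "POST":
        return 405, None  # no state change from a plain GET link
    expected = site.csrf_token(req.cookies["sid"])
    if not secrets.compare_digest(req.params.get("csrf", ""), expected):
        return 403, None  # cross-site request
    group = site.groups.get(gid)
    if group is None:
        return 404, None
    if group.owner_id != member_id:
        return 403, None  # not yours; site defaults (owner 0) are never yours
    return 200, group


def hardened_delete(site, req):
    gid = int(req.params.get("id", 0))
    status, _ = authorize(site, req, gid)
    if status == 200:
        del site.groups[gid]
    return status


def hardened_add_member(site, req):
    """Same gate for the +/- member buttons mentioned in the thread."""
    gid = int(req.params.get("id", 0))
    status, group = authorize(site, req, gid)
    if status == 200:
        group.members.add(int(req.params["member"]))
    return status


def scenario(handler):
    """Run the thread's three cases (logged out, forged memberID cookie,
    legitimate owner) against a handler; return each status and the
    group IDs that survive. Constructed data, not from the real site."""
    site = Site()
    anon = Request("GET", {}, {"id": "1"})
    forged = Request("GET", {"memberID": "42"}, {"id": "2"})
    sid = site.login(42)
    owner = Request("POST", {"sid": sid},
                    {"id": "3", "csrf": site.csrf_token(sid)})
    statuses = [handler(site, r) for r in (anon, forged, owner)]
    return statuses, sorted(site.groups)
```

Running scenario(vulnerable_delete) deletes all three groups, including the two site defaults, which is exactly what the screenshots in the first post show; scenario(hardened_delete) refuses the anonymous and forged requests and only lets member 42 delete their own group. The default groups are protected simply because no session ever maps to owner 0, so an administrator path for editing them would have to be a separate, admin-authenticated route rather than an exception in this check.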

That might do it.. BAN THEM ALL... lol j/k. Let's keep this one going.. we will eventually get someone's attention for continuous activity..

Nothing to see here
Quote · 23 Nov 2009

Yes, I do not advocate messing with a site's settings without permission, even if they left the barn door open with a huge blinking sign.

Quote · 23 Nov 2009

I know it's scary

Quote · 23 Nov 2009

I know it's scary

Yeah it's really scary

Quote · 23 Nov 2009

I know it's scary

Amazing find and yeah it sounds pretty scary :D

Without hijacking your thread (as this is not worth a new post, I think), I also noticed something related to URLs (not a bug) during testing; check it here -

Login to demoz and then paste this URL in your browser:

http://demozzz.com/dolphin7b/m/videos/albums/my/add_objects/any_album_name/owner/any_user_name

And upload a video, and Dolphin successfully creates a new album with the name "any_album_name" and uploads the video. Not sure how this would behave with permissions, but personally I think we should restrict users from creating albums using URLs.

I tried it; it gave me access denied, nothing special, working normally. Oops, sorry, I didn't log in to the demo! Do I have to?

Proud Hosted by Zarconia.net
Quote · 23 Nov 2009

Post deleted by owner as it was not relevant to the post topic

Quote · 23 Nov 2009

Right now people can create their own album with any name they want. Don't hijack this thread off the main topic; make your own, as it's a completely separate issue.

Quote · 23 Nov 2009

Ticket added: http://www.boonex.com/trac/dolphin/ticket/1511

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 23 Nov 2009

Ticket added: http://www.boonex.com/trac/dolphin/ticket/1511

Thank you MichelSwiss :)

Nothing to see here
Quote · 23 Nov 2009

yay!  we can calm down here lol thanks MichelSwiss

Quote · 23 Nov 2009

You are welcome :-) but all thanks have to go to patrick81 who discovered this problem ;-)

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 23 Nov 2009

Wow!  Thanks.... that's a major glitch.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 23 Nov 2009

Is this one fixed or not yet? If it is, what's the fix for it? Thanks.

Proud Hosted by Zarconia.net
Quote · 24 Nov 2009

Fixed: http://www.boonex.com/trac/dolphin/changeset/13296

Thank you Anton :-)

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 24 Nov 2009

Fixed: http://www.boonex.com/trac/dolphin/changeset/13295

Thank you Anton :-)

I got to check it twice! I can't manage to fix mine! I followed the easy instructions, added the new config, deleted all the cache... and nothing changed. I know it's fixed in the demo, but not mine!

What's ticket 13295 for? Is it for the privacy settings or for something else?

Proud Hosted by Zarconia.net
Quote · 24 Nov 2009

Is this one fixed for everyone?

Proud Hosted by Zarconia.net
Quote · 24 Nov 2009

Sorry Eli... I made a mistake in the fix number :-(

This one is right ;-): http://www.boonex.com/trac/dolphin/changeset/13296

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 24 Nov 2009

Sorry Eli... I made a mistake in the fix number :-(

This one is right ;-): http://www.boonex.com/trac/dolphin/changeset/13296

You don't have to be sorry, man. I'm proud of you because every time there's a problem you are right there to open a ticket. I was just confused, lol, and wondering what I'm doing wrong, that's all.

Thanks a lot :)

It's solved now .

Peace and bread .

Eli.

Proud Hosted by Zarconia.net
Quote · 24 Nov 2009

Thank you Eli for your understanding ;-)

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 24 Nov 2009
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.