Bug in Post thanks - not secure! - TalkPHP

Account Login

Latest Articles

The basic usage of PHPTAL, a XML/XHTML template library for PHP

by awuehr on 11-10-2008 in Tips & Tricks

Vulnerable methods and the areas they are commonly trusted in.

by Village Idiot on 11-04-2008 in Classes & Objects

Simple way to protect a form from bot

by codefreek on 10-23-2008 in Basic

The Basics On: How Session Stealing Works

by wiifanatic on 09-12-2008 in Security & Permissions

How to keep your forms from double posting data

by drewbee on 07-03-2008 in Tips & Tricks

IRC Channel

IRC Speech Bubble

Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.

Associates

Associates

TalkPHP » Bug in Post thanks - not secure!

Reply

Search this Thread

01-22-2009, 09:45 AM	#1 (permalink)
Y.P.Y The Wanderer Join Date: Sep 2008 Location: Tehran - Iran Posts: 6 Thanks: 35	Bug in Post thanks - not secure! Hi, I find a bug/vuln. in Thank plugin! Its not secure! Plz check for updates(Patch). http://www.talkphp.com/post_thanks.p..._thanks_add&u=' GL. __________________ http://Yousha.Blog.ir/

The Following User Says Thank You to Y.P.Y For This Useful Post:

Yoosha (03-17-2010)

02-04-2009, 01:52 AM	#2 (permalink)
Wildhoney La Vida es Sueño Join Date: Sep 2007 Location: Oldham Posts: 2,280 Thanks: 90	Thanks for pointing this out. However, hmm, I get a "Content Encoding Error" error for that. How does this URL differ from the one on the "Say Thanks" button, apart from you've substituted the p parameter for u? __________________ The man who comes back through the Door in the Wall will never be quite the same as the man who went out.

02-04-2009, 08:37 AM	#3 (permalink)
Y.P.Y The Wanderer Join Date: Sep 2008 Location: Tehran - Iran Posts: 6 Thanks: 35	lol! Iam not a hacker! But you know about hackers? Do you think, Hackers uisng standard URL browsing?? This plugin is not secure(Patch needed) And this is a BUG! GL. __________________ http://Yousha.Blog.ir/

The Following User Says Thank You to Y.P.Y For This Useful Post:

Yoosha (03-17-2010)

02-04-2009, 10:57 AM	#4 (permalink)
Salathe Moderateur Join Date: Apr 2007 Posts: 1,393 Thanks: 5	Please explain the actual vulnerability, what harm can be done?

Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Help me secure this code?	Aaron	Absolute Beginners	16	06-25-2009 10:55 AM
Venerable methods and the applications they are commonly trusted in.	Village Idiot	Tips & Tricks	7	11-06-2008 07:36 AM
Secure pages??	marxx	General	6	03-09-2008 08:49 AM
Secure AJAX Server Scripts	trmbne2000	General	4	12-07-2007 01:14 AM

All times are GMT. The time now is 03:49 AM.

Inactive Reminders By Icora Web Design