Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Josie Stauffer

    (@joanne123)

    Thanks for catching that!

    I’ve put out a new version with a fix.

    Thread Starter Gastonq_1

    (@gastonq_1)

    I’ve updated it but I’m still having the same issue. The ‘manage items’ section echoes the title or the caption of the submitted data without cleaning it. E.g., the image pair form has a title called ‘caption’. If a user sets the caption to "><script>alert('hello')</script> and then hits submit, the server will store it without cleaning it. Thus, when the admin asks for information, such as text inputs or images, it’ll pop up an alert box. htmlspecialchars() before updating or inserting into the db would do the job.
    Also, I found a CSRF vuln. An anonymous user is able to update any data stored on the server for another user, simply by changing the value of the hidden field that is above the delete button. The value must match an existing item_id. Hope I’ve been as clear as possible. Feel free to contact me; I’ll help you.

    Plugin Author Josie Stauffer

    (@joanne123)

    We need to take this off-line. Check the about us / contacts page on the site for Richmond Hill Camera Club and look for webmaster.

  • The topic ‘Vulnerabilty found’ is closed to new replies.
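Added example, not part of the thread and not the plugin's code: a plain-PHP sketch of the two problems described in the second reply, showing the caption echoed unescaped beside an escaped version, and an update handler that authorises the posted item_id against the logged-in user. It escapes at output time rather than before the database write, and every function name, field name and sample row is hypothetical and constructed for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not the plugin's code.

// Constructed sample data: item_id => stored row, caption kept as submitted.
$items = [
    7 => ['owner_id' => 42, 'caption' => '"><script>alert(\'hello\')</script>'],
    8 => ['owner_id' => 99, 'caption' => 'Sunset over the lake'],
];

// Unsafe: the stored caption is placed in an attribute unescaped, so the
// leading "> closes the attribute and the tag, and the script element runs.
function render_caption_unsafe(array $item): string
{
    return '<input type="text" name="caption" value="' . $item['caption'] . '">';
}

// Safer: encode when rendering. ENT_QUOTES encodes both quote styles, so the
// value cannot break out of the attribute.
function render_caption_safe(array $item): string
{
    $caption = htmlspecialchars($item['caption'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="caption" value="' . $caption . '">';
}

// The hidden item_id field is client-controlled input. Authorise the update
// against the logged-in user instead of trusting the value the form sent.
function update_caption(array &$items, ?int $current_user_id, $posted_item_id, string $caption): bool
{
    $item_id = filter_var($posted_item_id, FILTER_VALIDATE_INT);
    if ($item_id === false || !isset($items[$item_id])) {
        return false; // not an existing item
    }
    if ($current_user_id === null || $items[$item_id]['owner_id'] !== $current_user_id) {
        return false; // anonymous, or not the owner of this item
    }
    $items[$item_id]['caption'] = $caption;
    return true;
}

echo render_caption_unsafe($items[7]), PHP_EOL;
echo render_caption_safe($items[7]), PHP_EOL;
var_dump(update_caption($items, null, '8', 'changed'));     // anonymous request
var_dump(update_caption($items, 42, '8', 'changed'));       // logged in, not the owner
var_dump(update_caption($items, 99, '8', 'New caption'));   // owner of item 8
```

Inside WordPress, esc_attr() and esc_html() handle the output encoding, and a nonce checked with wp_verify_nonce() covers the request-forgery side of the update form.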