Is this exploit or etc ?
 

A friend of mine gave the following link and adviced me to close down my gallery :) I don't know about it but here is the link

he is telling me that anyone who knows our gallery folder can control over our sites :rolleyes: . Maybe you shall check it :)

The main thing is if there is a picture a post for moderation anyone can delete or activate the picture or post.

Re: Is this exploit or etc ?
 

I've moved a copy of your thread to our staff forum for invesitgation.

FYI that is a known pirate board and you should avoid being on it if at all possible :(

Re: Is this exploit or etc ?
 

Yikes, would like info ASAP if you get a fix for this!

Re: Is this exploit or etc ?
 

I have no idea what kind of forum it is Zachery , a friend of mine gave me the link and gave me some example links of it. Thats why i opened the thread in here.

Re: Is this exploit or etc ?
 

If thats the bug posted in teh lounge at vb.org, I tried it here on vbadvanced and it seems to work. I also tried it on my forum logged out and seemed to have an effect too.

Re: Is this exploit or etc ?
 

Yep. It only affects you if you are using Image or Post moderation in the Gallery. If you are using Image or Post moderation, it appears that the most that can happen is that any un-validated Images or Posts could be deleted.

Re: Is this exploit or etc ?
 

Has this been confirmed? That's all it can do? Which versions are effected?

Re: Is this exploit or etc ?
 

How exactly did it work here or on your forums? Did it actually allow you to moderate any images? I've just checked RC3 - 1.0.0 and you cannot validate/delete images unless you are a moderator (unless there's something I'm missing, which I don't think there is). They are correct in saying there is an error where it could allow you to moderate/delete posts though. For anyone that needs to fix this immediately, look in your gallery/moderate.php file for the following code:

Just Above that, Add:

Re: Is this exploit or etc ?
 

No, not at all. I edited my response a bit. My response is not an official one from vBadvanced.

Re: Is this exploit or etc ?
 

When I tried it here, it brought me to the moderation screen for images and posts but there weren't any for validation so nothing more there.

On mine, I wasn't logged in (this was via IE which I never use and almost exclusively use for testing logged out parts of my site) and managed to validate some posts to the gallery.

I wont be able to patch till I get home. I can moderate posts for a gallery and you can take a look if you want.

Re: Is this exploit or etc ?
 

Ok, just wanted to make sure there wasn't something I was missing. There are images awaiting moderation on here, but the code to check the category moderator is working properly for those, so it's just a problem with the posts.

Re: Is this exploit or etc ?
 

Can you shoot out an email when you do a firm update for this?

Re: Is this exploit or etc ?
 

Version updates are communicated through the Announcements forum. To get an automated type of email I'd suggest subscribing to the Announcements forum.

Re: Is this exploit or etc ?
 

Unfortunatly it's not that easy to send out an email just to the users who have purchased the gallery. As Kevin said though, if you subscribe to the announcements forum then you will be notified of any new posts.