Old June 13th, 2005, 07:52 AM   #1 (permalink)
Member
Verified Customer
 
Lizard King's Avatar
 
Join Date: Nov 2005
Posts: 143
Is this exploit or etc ?

A friend of mine gave me the following link and advised me to close down my gallery. I don't know about it, but here is the link

He is telling me that anyone who knows our gallery folder can take control of our sites. Maybe you shall check it.

The main thing is that if there is a picture or a post awaiting moderation, anyone can delete or activate the picture or post.
Lizard King is offline  
Old June 13th, 2005, 07:58 AM   #2 (permalink)
Ultimate Member
 
Join Date: Jan 2004
Posts: 2,196
Re: Is this exploit or etc ?

I've moved a copy of your thread to our staff forum for investigation.

FYI, that is a known pirate board and you should avoid being on it if at all possible.
Zachery is offline  
Old June 13th, 2005, 08:08 AM   #3 (permalink)
Borgs8472
Guest
 
Posts: n/a
Re: Is this exploit or etc ?

Yikes, would like info ASAP if you get a fix for this!
 
Old June 13th, 2005, 08:43 AM   #4 (permalink)
Member
Verified Customer
 
Lizard King's Avatar
 
Join Date: Nov 2005
Posts: 143
Re: Is this exploit or etc ?

Quote:
Originally Posted by Zachery
I've moved a copy of your thread to our staff forum for investigation.

FYI, that is a known pirate board and you should avoid being on it if at all possible.
I have no idea what kind of forum it is, Zachery. A friend of mine gave me the link and gave me some example links of it. That's why I opened the thread in here.
Lizard King is offline  
Old June 13th, 2005, 08:46 AM   #5 (permalink)
Member
 
Join Date: Aug 2003
Posts: 98
Re: Is this exploit or etc ?

If that's the bug posted in the lounge at vb.org, I tried it here on vbadvanced and it seems to work. I also tried it on my forum logged out and seemed to have an effect too.
PhoenixDown21 is offline  
Old June 13th, 2005, 08:52 AM   #6 (permalink)
Ultimate Member
Verified Customer
 
ConqSoft's Avatar
 
Join Date: Nov 2003
Location: Raleigh, NC
Posts: 1,417
Re: Is this exploit or etc ?

Yep. It only affects you if you are using Image or Post moderation in the Gallery. If you are using Image or Post moderation, it appears that the most that can happen is that any un-validated Images or Posts could be deleted.
ConqSoft is offline  
Old June 13th, 2005, 09:12 AM   #7 (permalink)
Junior Member
Verified Customer
 
Join Date: Feb 2005
Posts: 11
Re: Is this exploit or etc ?

Quote:
Originally Posted by ConqSoft
Yep. It only affects you if you are using Image or Post moderation in the Gallery. Otherwise, no damage can be done. If you are using Image or Post moderation, the most that can happen is that any un-validated Images or Posts could be deleted.
Has this been confirmed? That's all it can do? Which versions are affected?
imported_tamarian is offline  
Old June 13th, 2005, 09:13 AM   #8 (permalink)
Brian
Guest
 
Posts: n/a
Re: Is this exploit or etc ?

Quote:
Originally Posted by phoenixdown
If that's the bug posted in the lounge at vb.org, I tried it here on vbadvanced and it seems to work. I also tried it on my forum logged out and seemed to have an effect too.
How exactly did it work here or on your forums? Did it actually allow you to moderate any images? I've just checked RC3 - 1.0.0 and you cannot validate/delete images unless you are a moderator (unless there's something I'm missing, which I don't think there is). They are correct in saying there is an error where it could allow you to moderate/delete posts though. For anyone that needs to fix this immediately, look in your gallery/moderate.php file for the following code:

Code:
Content visible to verified customers only.
Just Above that, Add:
Code:
Content visible to verified customers only.
 
Old June 13th, 2005, 09:22 AM   #9 (permalink)
Ultimate Member
Verified Customer
 
ConqSoft's Avatar
 
Join Date: Nov 2003
Location: Raleigh, NC
Posts: 1,417
Re: Is this exploit or etc ?

Quote:
Originally Posted by tamarian
Has this been confirmed?
No, not at all. I edited my response a bit. My response is not an official one from vBadvanced.
ConqSoft is offline  
Old June 13th, 2005, 12:25 PM   #10 (permalink)
Member
 
Join Date: Aug 2003
Posts: 98
Re: Is this exploit or etc ?

Quote:
How exactly did it work here or on your forums? Did it actually allow you to moderate any images?
When I tried it here, it brought me to the moderation screen for images and posts but there weren't any for validation so nothing more there.

On mine, I wasn't logged in (this was via IE which I never use and almost exclusively use for testing logged out parts of my site) and managed to validate some posts to the gallery.

I won't be able to patch till I get home. I can moderate posts for a gallery and you can take a look if you want.
PhoenixDown21 is offline  
Old June 13th, 2005, 01:07 PM   #11 (permalink)
Brian
Guest
 
Posts: n/a
Re: Is this exploit or etc ?

Ok, just wanted to make sure there wasn't something I was missing. There are images awaiting moderation on here, but the code to check the category moderator is working properly for those, so it's just a problem with the posts.
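
The flaw described in the post above, a category-moderator check that runs for images but not for posts, shown as an added example that is not part of the original thread and is not vBadvanced's code. Every function name and all sample data are hypothetical; the real moderate.php is not shown on this page.

```php
<?php
// Hypothetical model of a gallery moderation handler; none of these names
// come from the vBadvanced Gallery code, which the thread does not show.

// Constructed sample data: items awaiting moderation, each in a category.
$pending = [
    'image' => [101 => ['catid' => 1]],
    'post'  => [202 => ['catid' => 1]],
];
$categoryModerators = [1 => [7]];   // category 1 is moderated by user id 7

function is_category_moderator(array $mods, int $userId, int $catId): bool
{
    return $userId > 0 && in_array($userId, $mods[$catId] ?? [], true);
}

// Flawed shape: the permission check lives inside one branch only.
function moderate_flawed(array $pending, array $mods, int $userId, string $type, int $id): string
{
    $item = $pending[$type][$id] ?? null;
    if ($item === null) {
        return 'not found';
    }
    if ($type === 'image' && !is_category_moderator($mods, $userId, $item['catid'])) {
        return 'denied';
    }
    return 'moderated';             // posts reach this line with no check at all
}

// Corrected shape: one check ahead of every action, deny by default.
function moderate_fixed(array $pending, array $mods, int $userId, string $type, int $id): string
{
    $item = $pending[$type][$id] ?? null;
    if ($item === null) {
        return 'not found';
    }
    if (!is_category_moderator($mods, $userId, $item['catid'])) {
        return 'denied';
    }
    return 'moderated';
}

// Regression check: a guest (user id 0) must be denied for every item type.
foreach (['image' => 101, 'post' => 202] as $type => $id) {
    printf("%-5s flawed=%-9s fixed=%s\n", $type,
        moderate_flawed($pending, $categoryModerators, 0, $type, $id),
        moderate_fixed($pending, $categoryModerators, 0, $type, $id));
}
```

Run as a guest, the flawed handler denies the image but moderates the post, while the corrected one denies both; a per-type loop like the last one is a cheap regression test to keep after patching.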
 
Old June 13th, 2005, 03:35 PM   #12 (permalink)
Member
Verified Customer
 
Join Date: Dec 2004
Posts: 32
Re: Is this exploit or etc ?

Can you shoot out an email when you do a firm update for this?
corriewf is offline  
Old June 13th, 2005, 04:01 PM   #13 (permalink)
Registered User
Verified Customer
 
KW802's Avatar
 
Join Date: Nov 2005
Posts: 1,408
Re: Is this exploit or etc ?

Quote:
Originally Posted by corriewf
Can you shoot out an email when you do a firm update for this?
Version updates are communicated through the Announcements forum. To get an automated type of email I'd suggest subscribing to the Announcements forum.
KW802 is offline  
Old June 13th, 2005, 04:03 PM   #14 (permalink)
Brian
Guest
 
Posts: n/a
Re: Is this exploit or etc ?

Unfortunately it's not that easy to send out an email just to the users who have purchased the gallery. As Kevin said though, if you subscribe to the announcements forum then you will be notified of any new posts.
 
 

