PhotoPost Photo Gallery Sales PhotoPost Sales Toll Free Phone Number
Mon-Fri 9am-4pm EST
  PhotoPost Photo Sharing Photo Gallery    Visualize community tm
Home| Details| Support| Demo: User / Admin| Customer Galleries| Contact Us| Forums| Blog| Members Area| Buy PhotoPost

Go Back   PhotoPost Community > PhotoPost Support > ReviewPost Pro Support Forums > ReviewPost Bug Reports
Unparsed vars in member.php Unparsed vars in member.php
Register FAQ Social Groups Calendar Mark Forums Read

ReviewPost Bug Reports Let us know about any post installation problems you are having with ReviewPost.

Reply
 
LinkBack Thread Tools Rate Thread Display Modes
Old July 20th, 2005, 07:08 AM   #1 (permalink)
Member
Verified Customer
 
Join Date: Jun 2005
Posts: 179
Non-sanitized vars in member.php
The $editbio variable looks to be untouched allowing just about any arbritary data to be inserted into someone's profile allowing for onclick style cookie stealing etc.

Line 312: $bio=$editbio;

This is left unchecked until inserted into the database on line 364:
Quote:
$query = "UPDATE {$Globals['rp_db_prefix']}users SET email='$email',homepage='$homepage',icq='$icq',aim='$aim',yahoo='$yahoo',birthday='$birthday',interests='$hobbies',occupation='$occupation',bio='$bio',location='$location',offset='$offset' WHERE userid=$uid";
Reference original report made about PhotoPost:
http://marc.theaimsgroup.com/?l=bugt...5868402859&w=2
Last edited by Arnie; July 20th, 2005 at 07:20 AM.
Arnie is offline   Reply With Quote
Reply

« Unparsed vars in showcat.php | Uploading images with arbitrary content »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unparsed vars in showcat.php Arnie ReviewPost Bug Reports 0 July 20th, 2005 06:46 AM
Find and replace member.php in templates StewardManscat How Do I? - vBulletin 3.0.X 7 December 21st, 2004 07:56 PM


All times are GMT -5. The time now is 12:15 PM.

Contact Us - PhotoPost - Archive - Privacy Statement - Top
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0
HOME | Copyright 2001-2009 ALL ENTHUSIAST, INC. ALL RIGHTS RESERVED.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94