vb.org Archive - major security hole in uShop

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- uCash & uShop (https://vborg.vbsupport.ru/forumdisplay.php?f=100)

- - major security hole in uShop (https://vborg.vbsupport.ru/showthread.php?t=121808)

FatalBreeze

07-22-2006 07:38 AM

major security hole in uShop

Hi guys, i've noticed that if im in the shop and uses this link:
.../ushop.php?do=richestusers&page=<script>alert("Owne d%20By%20FatalBreeze")</script>

it works!!

maybe we should just add intval() or something like that?

as a noob coder im not exactly aware of the consequences this may have, but i guess they are pretty harsh.

btw, im using the latest version of uCash&uShop on vB 3.5.4.

Zachery

07-22-2006 12:02 PM

uCS is no longer supported, or developed and we've already made refrences to move off of it.

All times are GMT. The time now is 08:36 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01002 seconds Memory Usage 1,699KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (2)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: