We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

Security bug - Virtual Gifts | Forum

« Back to plugin
« Back to forum topic list
Laidy
Laidy Oct 8 '14

Hi. I need to fix this important security bug:


When I go to www.mysitename.com/virtual-gifts/view/6


I only need to change the final number (6...5...4..) to view all the sent/received virtual gifts.


I don't want my users may search privates virtual gift of others. 

#1
Oxwall Software
Oxwall Software Oct 9 '14
It's not a security bug, what do you see when you visit this private gift page?
#2
Laidy
Laidy Oct 10 '14

When I access to the private gift with this link, I see all the information (Message, Gift image and User profile photo - who send the gift). 


This is a security bug because I can see all the privates and publics gifts and private information with only changing the last number of the link (www.mysitename.com/virtual-gifts/view/6 or 7,8,9....). 


How may I fix that?

#3
Oxwall Software
Oxwall Software Oct 13 '14
Yeimi, we cannot reproduce that on demo or our test Oxwall websites. I believe you're referring to the Skadate software. If yes, you would need to contact Skadate support team to resolve your issue. If no, please share your URL.
#4
You do not have permission to reply this topic
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software