We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Security bug - Virtual Gifts | Forum

Laidy
Laidy Oct 8 '14

Hi. I need to fix this important security bug:


When I go to www.mysitename.com/virtual-gifts/view/6


I only need to change the final number (6...5...4..) to view all the sent/received virtual gifts.


I don't want my users may search privates virtual gift of others. 

Oxwall Software
Oxwall Software Oct 9 '14
It's not a security bug, what do you see when you visit this private gift page?
Laidy
Laidy Oct 10 '14

When I access to the private gift with this link, I see all the information (Message, Gift image and User profile photo - who send the gift). 


This is a security bug because I can see all the privates and publics gifts and private information with only changing the last number of the link (www.mysitename.com/virtual-gifts/view/6 or 7,8,9....). 


How may I fix that?

Oxwall Software
Oxwall Software Oct 13 '14
Yeimi, we cannot reproduce that on demo or our test Oxwall websites. I believe you're referring to the Skadate software. If yes, you would need to contact Skadate support team to resolve your issue. If no, please share your URL.
You do not have permission to reply this topic