SingIn Auth some of your RuParams are vulnerable

developerMember

I could redirect a user to any other domain than auctiva.com like this:
&nextpage%3dhttp%3a%2f%2fwww.anyotherdomain.com%2f

Also i could generate a token for any auctiva account without to have the username and password of that account just by specifying the &id= in ruparams.

Also there are many others BUGS i found but i believe these are most important, it's about your own security.

1/31/116:02 PM

Original Post

<ul id="{%=id%}ButtonGroup" class="button-group h-popup-buttons even-button-group even-1">
    <li id="{%=id%}Okay_buttonContainer"><a id="{%=id%}Okay" href="javascript:void(0);" class="button success no-margin-bottom h-alert-modal-ok-button" role="button">OK</a><script type="text/javascript">
        (function() {
            function {%=id%}Okay_click(event, data) {
            {%=id%}Popup.hide();
        }
        
                $('#{%=id%}Okay').on('click', {%=id%}Okay_click);
        })();
    </script></li></ul><a href="javascript:void(0);" class="close-reveal-modal" aria-label="Close Modal">&#215;</a><div class="last-modal-focus focus-utility-element" tabindex="0"></div>
</div>
<script type="text/javascript">
        (function() {
            {%=id%}Popup = new SS.Popup.ModalPopup('{%=id%}');
        })();
    </script>

Skip to main content

Membership Required

Remove From Your Block List

Manage Follow Preferences

Block

Please wait...