SingIn Auth some of your RuParams are vulnerable

developerMember

I could redirect a user to any other domain than auctiva.com like this:
&nextpage%3dhttp%3a%2f%2fwww.anyotherdomain.com%2f

Also i could generate a token for any auctiva account without to have the username and password of that account just by specifying the &id= in ruparams.

Also there are many others BUGS i found but i believe these are most important, it's about your own security.

1/31/116:02 PM

❤️ 0

Original Post

auctivajoemAuctiva Support

Hello,

Thanks for your concern. I've verified that neither of these are actually possible.

We don't allow redirects to other domains off of auctiva.com in that parameter. Also, there is security in place to prevent tampering of the URL during the token generation process.

2/1/115:25 PM

❤️ 0

Add Reply

<ul id="{%=id%}ButtonGroup" class="button-group h-popup-buttons even-button-group even-1">
    <li id="{%=id%}Okay_buttonContainer"><a id="{%=id%}Okay" href="javascript:void(0);" class="button success no-margin-bottom h-alert-modal-ok-button" role="button">OK</a><script type="text/javascript">
        (function() {
            function {%=id%}Okay_click(event, data) {
            {%=id%}Popup.hide();
        }
        
                $('#{%=id%}Okay').on('click', {%=id%}Okay_click);
        })();
    </script></li></ul><a href="javascript:void(0);" class="close-reveal-modal" aria-label="Close Modal">&#215;</a><div class="last-modal-focus focus-utility-element" tabindex="0"></div>
</div>
<script type="text/javascript">
        (function() {
            {%=id%}Popup = new SS.Popup.ModalPopup('{%=id%}');
        })();
    </script>

Skip to main content

Add Reply

Membership Required

Remove From Your Block List

Manage Follow Preferences

Block

Please wait...