Help Center Live Community

General => General Discussion => Topic started by: peopleinside on January 17, 2008, 05:59:47 PM



Title: [Vulnerability Bug Security] in Help Center Live 2.1.5
Post by: peopleinside on January 17, 2008, 05:59:47 PM
 ;) Hi Evrithing!
I Think Help Center Live It's Fantastic! BUT i have find ONE important VULNERABILITY!

The vulnerability is when ALL OPERATOR are BUSY OR NOT ON-LINE
and there are contact form. A "bad visitator" can send illimitate mail becouse
the system don't check if e-mail is correct.

With help center live contact form you cand send forum without insert ANITHING on the text box.
If bad visitator use send bottom many, many white mail are send to you.

I hope for this bug will be correct in future version with a simple check,
MAIL MAST BE COMPILED.

If you open a contact form of help center live and push send,
the module send e-mail without any text box compiled!


Title: Re: [Vulnerability Bug Security] in Help Center Live 2.1.5
Post by: HCL Admin on January 19, 2008, 02:10:44 PM
The entire contact system is slated for rework.  I truely hate contact forms that send mail, since the bad guys always find a way to manipulate it.