Help Center Live Community

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: [Vulnerability Bug Security] in Help Center Live 2.1.5  (Read 4225 times)

peopleinside

  • Not too much to say...
  • *
  • Offline Offline
  • Posts: 1
    • People Inside
[Vulnerability Bug Security] in Help Center Live 2.1.5
« on: January 17, 2008, 08:59:47 AM »

 ;) Hi Evrithing!
I Think Help Center Live It's Fantastic! BUT i have find ONE important VULNERABILITY!

The vulnerability is when ALL OPERATOR are BUSY OR NOT ON-LINE
and there are contact form. A "bad visitator" can send illimitate mail becouse
the system don't check if e-mail is correct.

With help center live contact form you cand send forum without insert ANITHING on the text box.
If bad visitator use send bottom many, many white mail are send to you.

I hope for this bug will be correct in future version with a simple check,
MAIL MAST BE COMPILED.

If you open a contact form of help center live and push send,
the module send e-mail without any text box compiled!
Logged

HCL Admin

  • Administrator
  • HCL Superstar
  • *****
  • Offline Offline
  • Posts: 882
    • Help Center Live
Re: [Vulnerability Bug Security] in Help Center Live 2.1.5
« Reply #1 on: January 19, 2008, 05:10:44 AM »

The entire contact system is slated for rework.  I truely hate contact forms that send mail, since the bad guys always find a way to manipulate it.
Logged
how may I help you today?
Pages: [1]   Go Up
 

Page created in 0.161 seconds with 18 queries.