05-03-2007, 08:30 AM
Amy alerted me to this problem after she was alerted by another user. She was able to confirm the existence of this MAJOR account-related security hole using a demo of the script.
I'm not going to post the details of this vulnerability in the open because I don't want to give hackers and scammers a free pass to wreak havoc on the dozens of auction sites using this script, but...
If you're an RScript RSAuction site owner, send me a PM and I'll fill you in on the nature of the problem. A major account-related security flaw was discovered by a user. Another person replicated the steps that led to the discovery of the bug and was able to verify the existence of this major security hole using a current demo of the script.
If you're an RScript programmer, send me a PM and I'll give you the steps needed to replicate and confirm the existence of this major hole. You need to issue a patch immediately.
PS for the person responsible for this bit of sloppy programming, a quote from reference.com
Quote: Vulnerabilities often result from the carelessness of a programmer
http://www.reference.com/browse/wiki/Vul...computing)