CRITICAL Security Exploit

  • Resolved
    Posted in: Arcane  
  • Member
    axepex
    December 14, 2018 at 8:29 pm #116931

    It has been brought to my attention by one of my QA testers that there is a MAJOR security exploit in the forgot password process.

    I had a test user (gamer role) figure out how to modify a URL and the $_GET method of the script to reset ANY USER'S PASSWORD at any time… then access their account (administrator level) and then do whatever they wanted.

    They found this by resetting their password. They realized then that the URL in the activation email had their username at the end of the URL request string (?name='blank').

    Basically, replace the end of this URL with anyone's username to instantly change their password without any key or token required. Any user name…

    https://play.armedvr.com/lost-password/?action=rp&key=gobUHKcYSK6Jr7dwOiFf&login=Tester3
    https://play.armedvr.com/lost-password/?action=rp&login=Tester3

    The &key=gobUHKcYSK6Jr7dwOiFf aspect of this script plays absolutely no role in the activation process. This is all out of the box, no modifications to any code. What’s going on with this? This is such a problem to me, I’m afraid to see what else might allow exploits in this system.
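The defect described in this post is a reset handler that trusts the `login` parameter and never checks `key`. Below is an added illustration (not code from the poster or from the site's software) of what a correct handler must verify before it lets anyone set a new password: the key is present, it matches a stored hash for that exact login, it has not expired, and it is consumed on use. The in-memory store, the one-hour lifetime and the parameter names are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory store: login -> (sha256 of reset key, expiry time).
# Assumption for this example; a real site keeps this with the user record.
RESET_KEYS = {}
KEY_TTL_SECONDS = 3600


def issue_reset_key(login, now=None):
    """Create a reset key for `login`, store only its hash, return the raw key
    (the raw key is what goes into the e-mailed link and is never stored)."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(20)
    RESET_KEYS[login] = (hashlib.sha256(key.encode()).hexdigest(),
                         now + KEY_TTL_SECONDS)
    return key


def reset_password_broken(params):
    """The failure mode in the post: only `login` is read, `key` is ignored,
    so a request without any key reaches the 'set new password' step."""
    login = params.get("login")
    return bool(login)


def reset_password_fixed(params, now=None):
    """Hardened handler: allow the reset only when `key` is present, matches
    the stored hash for this exact login, and has not expired."""
    now = time.time() if now is None else now
    login = params.get("login")
    key = params.get("key")
    if not login or not key:
        return False
    record = RESET_KEYS.get(login)
    if record is None:
        return False
    stored_hash, expires_at = record
    if now > expires_at:
        RESET_KEYS.pop(login, None)   # expired keys are discarded
        return False
    presented_hash = hashlib.sha256(key.encode()).hexdigest()
    if not hmac.compare_digest(presented_hash, stored_hash):
        return False
    RESET_KEYS.pop(login, None)       # single use: the link cannot be replayed
    return True
```

A request carrying only `action=rp&login=...` is refused by the fixed handler, which is the check the reported behaviour shows to be missing.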
