Posts: 5537 Reputation: 102
Joined: Mar 2002
RE: Bug in MsgPluslive.net voting
Thank you. I saw it, will work on a solution tomorrow. Since people already started exploiting it and there is no real security risk, I'd rather work on a good fix tomorrow than a quick fix now.
Is it the one where the cookie stops you from revoting, so by deleting it you can re-vote? Then I guess anyone could have figured it out. An IP log per vote per script isn't feasible, plus even that is easy to get by.
quote:Originally posted by leachy08
lol, I've seen a few then at the top of highest votes with 362/5 lol
Nope, it's not. There's an exploit in the actual code of the voting. There is no check on the value that is being passed to the script. Therefore the user can send a vote of 1,000,000 instead of 5 if they wanted to.
quote:Originally posted by NiteMare
OK, so all he has to do is fix the security flaw, then write a mini script to delete any vote that's not between 0 and 5.
Votes aren't stored that way... There is a total rating (which is a sum of all ratings given) and there is an amount of people who voted. So total rating / amount of people who voted = rating.
Ahh, so you will need to find each vote which is corrupt and clear it. I know id80 needs clearing cuz that's mine, I tested it on. To fix the flaw is easy though, simple if statement...
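Added example, not part of the thread and not the site's own code: a Python sketch of the server-side range check discussed above, plus a cleanup pass that works with the storage model described (only a running total and a voter count per script). The 0 to 5 scale is taken from the thread; the function names and the dictionary layout are assumptions.

```python
MIN_VOTE, MAX_VOTE = 0, 5  # scale as mentioned in the thread


class InvalidVote(ValueError):
    """Raised when the submitted vote is not an integer in the allowed range."""


def parse_vote(raw):
    # Validate on the server: the client controls this value completely.
    s = str(raw).strip()
    if not (s.isascii() and s.isdigit()):
        raise InvalidVote(f"not a plain non-negative integer: {raw!r}")
    value = int(s)
    if not MIN_VOTE <= value <= MAX_VOTE:
        raise InvalidVote(f"out of range: {value}")
    return value


def record_vote(ratings, script_id, raw):
    # Reject before touching the aggregate; a bad vote cannot be removed later
    # because individual votes are not stored.
    value = parse_vote(raw)
    entry = ratings.setdefault(script_id, {"total": 0, "voters": 0})
    entry["total"] += value
    entry["voters"] += 1
    return entry["total"] / entry["voters"]


def find_corrupt(ratings):
    # With only sum and count, an entry is provably corrupt when the total
    # lies outside [MIN_VOTE * voters, MAX_VOTE * voters].
    return sorted(
        sid for sid, e in ratings.items()
        if not MIN_VOTE * e["voters"] <= e["total"] <= MAX_VOTE * e["voters"]
    )


def reset_corrupt(ratings):
    # The bad vote cannot be subtracted out (its value is unknown), so the
    # whole entry is cleared.
    cleared = find_corrupt(ratings)
    for sid in cleared:
        ratings[sid] = {"total": 0, "voters": 0}
    return cleared


if __name__ == "__main__":
    # Constructed sample data: script 80 took one oversized vote, script 12 is clean.
    ratings = {80: {"total": 1000004, "voters": 2}, 12: {"total": 17, "voters": 4}}
    print(reset_corrupt(ratings), ratings)
```

The bounds check only catches entries whose average is impossible; it is a cleanup for past damage, while `parse_vote` is what stops new bad values from reaching the totals.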