Status
Not open for further replies.

Fleep

New member
Thread Ratings voting Exploit

Hey there DBTech so I installed Thread Ratings Lite yesterday and I've been testing it out.
So one of my moderators sent me this message "The idea is perfect but it took 5 seconds to exploit it, it's a simple javascript but the server won't check for the ratings given. I just gave your feedback thread a rating of 35 to prove the point" with that said It seems like he just recalled the function and put any value he wanted there.

So my request I guess is can you add some sort of check to force the value between 1 and 10.

Thanks for your help.

Fleep
 

Attachments

  • Overrating Example.png
    Overrating Example.png
    17.3 KB · Views: 30
Last edited:
Thanks for catching that. I did a hotfix to fix this issue. If you redownload the package and upload dbtech/thread_ratings/actions/ajax.php they shouldn't be able to do it anymore :)
 
Status
Not open for further replies.

Legacy Thread Ratings

vBulletin 4.x.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
459
Customer rating
0.00 star(s) 0 ratings
Back
Top