Jump to content


Photo
* * * - - 2 votes

Attention hackers and comments!!!!!


  • Please log in to reply
24 replies to this topic

#21 Damien

Damien

    Junior Member

  • Members
  • PipPipPip
  • 78 posts

Posted 24 July 2016 - 01:47 AM

avs admin imagine that will upgrade, for other people who have no solution.

 

What solution? I only see a joke as far as support goes. I doubt the guy who owns this script can even write hello world in PHP.


Edited by Damien, 24 July 2016 - 01:53 AM.


#22 apple82

apple82

    Member

  • Members
  • PipPipPipPip
  • 293 posts
  • LocationSpain

Posted 24 July 2016 - 06:25 AM

What solution? I only see a joke as far as support goes. I doubt the guy who owns this script can even write hello world in PHP.

 

Yes, send email suport avs.



#23 Damien

Damien

    Junior Member

  • Members
  • PipPipPip
  • 78 posts

Posted 29 July 2016 - 07:08 AM

Yes, send email suport avs.

 

We don't have this problem, we've solved it with a filter. Also anyone using niginx can set a content security policy anyway, his .js script wont work then. https://content-security-policy.com/

 

My other point is no-one should need ask for help with this, it's a hole in the comments system that should be patched and updated, it's letting him run a .js file it's an exploit imo.


Edited by Damien, 29 July 2016 - 07:10 AM.


#24 theone

theone

    Senior Member

  • Members
  • PipPipPipPip
  • 368 posts

Posted 22 November 2016 - 01:39 AM

I'm assuming this was patched in AVS 4 but if anyone has not fixed this I have a mod that will detect the malicious code and prevent the comment from posting, immediately ban the user, and provide you with a range of information about the malicious person including computer / browser specs, ip, geo location, etc.



#25 Yikmings

Yikmings

    Junior Member

  • Members
  • PipPip
  • 22 posts

Posted 24 November 2016 - 10:47 AM

I fix it by disable and clean all comments in sql.