Price field hack :)



Aleksandar Apostolovski
April 24, 2019, 08:39 PM
Hi,
I had a similar phone field hack before and it was fixed, and now it's the price field. Some user managed to put a letter in the price field, so his price is: 16.00e €
Can someone from Flynax have a look at it?
Listing number: 637589

Thanks

Viktor
April 25, 2019, 03:41 AM
I have tried to reproduce the problem and I couldn't. Do you know how to do it?

Rudi
April 25, 2019, 04:30 AM
Hello,

Actually, the price field doesn't accept any letters (like the other numeric fields) if you try to type some.

It's possible only if you execute a JS function via the developer console.

I've added a validator to the PHP code, and now any non-numeric chars shouldn't pass.
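What Rudi describes above is the usual fix: the browser-side check can be bypassed from the developer console, so the value has to be validated again in PHP when the form is processed. The following is an added example of such a server-side check, not Flynax's own code; the function name `validatePrice` and the accepted format (digits with up to two decimals) are assumptions.

```php
<?php
// Added example (not Flynax code): server-side validation of a price field.
// The JS check in the browser can be skipped from the developer console, so
// the submitted value must be re-validated in PHP before it is stored.

declare(strict_types=1);

/**
 * Returns the price normalised to two decimals if $input is a plain decimal
 * amount (e.g. "16", "16.5", "16.00"), or null if it is not.
 *
 * Why not is_numeric()/floatval(): is_numeric('1e3') is true (exponent
 * notation), and (float)'16.00e' silently becomes 16.0, so neither one
 * reliably rejects the value from the report.
 */
function validatePrice(string $input, float $max = 99999999.99): ?string
{
    $value = trim($input);
    // Only digits, optionally followed by a dot and one or two digits.
    if (!preg_match('/^\d{1,8}(\.\d{1,2})?$/', $value)) {
        return null;
    }
    $float = (float) $value;
    if ($float > $max) {
        return null;
    }
    return number_format($float, 2, '.', '');
}

// Constructed sample inputs; the first one is the value from the report.
$samples = ['16.00e', '16.00', '16', '1e3', '0x10', ' 42.5 ', '-5', 'abc', '12.345'];
foreach ($samples as $s) {
    $ok = validatePrice($s);
    // Expected: only '16.00', '16', ' 42.5 ' pass; the rest are REJECTED.
    printf("%-9s => %s\n", var_export($s, true), $ok === null ? 'REJECTED' : $ok);
}
```

The same check belongs in every code path that writes the field (front-end form, admin panel, any import or API), not only in the listing form, otherwise one bypassed path is enough.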

Aleksandar Apostolovski
April 25, 2019, 07:47 AM
Hi, I couldn't reproduce it either, and I don't have a clue how the user managed to do it. That's why I named it "hack" :) Thank you Rudi for the help!

Pete Young
April 25, 2019, 09:11 AM
Hello,

Actually, the price field doesn't accept any letters (like the other numeric fields) if you try to type some.
It's possible only if you execute a JS function via the developer console.
I've added a validator to the PHP code, and now any non-numeric chars shouldn't pass.

There is a known back door into Flynax, and I am sure the admins have closed that door by now, but I won't post it here, and I doubt it was connected to this. I will PM the doorway just in case you do not know about it.

Aleksandar Apostolovski
April 25, 2019, 08:01 PM
Sure, you can PM it to me, as I don't know anything about it.

Pete Young
April 26, 2019, 12:15 AM
Sure, you can PM it to me, as I don't know anything about it. Aleksandar, I have sent it to Rudi and will let him advise or share if needed, but my guess is the door has already been shut and locked; this is more of a precaution at this stage, just in case. I also do not see it being able to do what you described. Either way, all should be good.

I found it tucked away in a dark corner by mistake recently, while doing some research on how to make some changes to my site.