Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Community Forums
 Show-Off Your Forums
 Forum with Music, Chat and Discussion Group
 New Topic  Topic Locked
 Printer Friendly
Previous Page
Author Previous Topic Topic Next Topic
Page: of 2

cgcarter1
Starting Member

14 Posts

Posted - 31 March 2008 :  15:25:37  Show Profile
Very interesting security flaw...
I figured out how I double posted...

If you post, then click the back button and then the forward button it posts again. I did it on my forum - that's how I figured out how I double posted. It bypasses the flooding control and you could potentially flood a forum.

Eh, one for the Snitz developers (if snitz is still in development).
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20577 Posts

Posted - 31 March 2008 :  15:43:26  Show Profile  Visit HuwR's Homepage
quote:
Originally posted by cgcarter1

Very interesting security flaw...
I figured out how I double posted...

If you post, then click the back button and then the forward button it posts again. I did it on my forum - that's how I figured out how I double posted. It bypasses the flooding control and you could potentially flood a forum.

Eh, one for the Snitz developers (if snitz is still in development).



How is that a security flaw in the Snitz code ? your two posts were 17 mins apart, the flood control does not last that long. what you did is exactly what I would expect to happen given what you did. How long would you suggest we set the flood limit for ?
Go to Top of Page

cgcarter1
Starting Member

14 Posts

Posted - 01 April 2008 :  09:24:51  Show Profile
When I did it on my sandbox, it posted two seconds apart. Perhaps flaw is not the correct term.
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts

Posted - 01 April 2008 :  10:28:24  Show Profile  Visit muzishun's Homepage
Is flood control enabled on your sandbox forum? I tested on all three of my test forums and wasn't able to post while under the flood limit.

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Go to Top of Page

MarkJH
Senior Member

United Kingdom
1722 Posts

Posted - 01 April 2008 :  11:22:55  Show Profile  Visit MarkJH's Homepage
Did you test this as a normal member or administrator? Administrators can post without flood control taking effect.

Bandlink.net - http://www.bandlink.net/
Bandlink Music Forums - http://www.bandlink.net/forum/
Go to Top of Page

cgcarter1
Starting Member

14 Posts

Posted - 01 April 2008 :  12:36:30  Show Profile
You're right Mark. My bad, yo. Wasn't thinking.
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Previous Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.13 seconds. Powered By: Snitz Forums 2000 Version 3.4.07