RSS Exploit
#1
One of my team members has pointed out that there is a an RSS Exploit in MyBB PR2. One of my forums, which only allows several User Groups to view it at all (other groups have No Access at all, can't even see it's existence), when given it's RSS URL, all user groups (including not logged in )can have fully read access to it by the RSS. (when they click the Read More, they get the error, but from the RSS page, they can actually see the posts).
#2
What is the RSS URL that allows for this effect? Please obfuscate addresses so that people will be able to read stuff on your website. However, I do need the arguments given in the URL to determine where things went wrong.
Peter Akkies
#3
Due to a lack of response, i'm moving this bug report.

If anybody else is experiencing a similar problem, please let us know.


Forum Jump:


Users browsing this thread: 1 Guest(s)