g00dgirl Posted April 22, 2005

I have the affiliate module on OSC 2.2 MS1. One affiliate reported that they can no longer log in. Upon investigation their affiliate ID / account had all the data changed to another person's name and details, including payment details. A monthly payment of 15.000 to 20.000 dollars could have accidentally gone to the wrong person, it is quite serious. The integrity of all our affiliate accounts is destroyed at this stage, pay day coming closer a bit of a worry! There is some bug that allows anyone to gain access to any affiliate account and change the details. Someone did it. I tried to search +affiliate +security +bug but no luck and also tried Google, does anyone know about this or can anyone imagine how this could be possible? Would it be some kind of session poisoning or could it be something more simple even?? Help appreciated!
osjunkie Posted April 23, 2005

Maybe upgrade to the latest package and perhaps migrate over to MS2... Check for cross scripting ability.