g00dgirl
Posted April 22, 2005

I have the affiliate module on OSC 2.2 MS1. One affiliate reported that they can no longer log in. Upon investigation, their affiliate ID / account had all the data changed to another person's name and details, including payment details. A monthly payment of 15.000 to 20.000 dollars could have accidentally gone to the wrong person; it is quite serious. The integrity of all our affiliate accounts is destroyed at this stage, pay day coming closer, a bit of a worry!

There is some bug that allows anyone to gain access to any affiliate account and change the details. Someone did it.

I tried to search +affiliate +security +bug but no luck, and also tried Google. Does anyone know about this, or can anyone imagine how this could be possible? Would it be some kind of session poisoning, or could it be something more simple even?

Help appreciated!

osjunkie
Posted April 23, 2005

Maybe upgrade to the latest package and perhaps migrate over to MS2... Check for cross scripting ability.