Forum
ETF2L permissions exploit
Created 14th February 2011 @ 12:03
Locked Pages: 1
Your site is vulnerable to having permissions overridden by malicious postdata. :)
No leader rights to leader rights just by sending malicious postdata. Anyone can do it. This is a little bit of a bug ;)
Stop hacking stuff chris. You’re addicted, you need help.
Quoted from .____________.
Stop hacking stuff chris. You’re addicted, you need help.
HAPPY VALENTINES TO YOU TOO
Sorry to spoil your fun, but if I am not mistaken you were previously marked Deputy of that team. A deputy has the rights to edit a team’s roster, and that includes setting these rights. Why you would be manipulating post data to do something you can do perfectly fine without, I don’t know.
(Yes, on the roster page it’s hidden to edit your own role, but that’s just to prevent the idiots deleting their own leader rights, it’s by no means prohibited.)
If this is a matter of you thinking deputy’s shouldn’t be able to alter these things, take it up with the league (head) admins. They can disable it by unticking a single button.
No exploit: expected behaviour.
Locked Pages: 1
content rss