I found a security vulnerability which is consistent with all eFiction 2-3 releases.
You do not validate the form fields 'reviewer' or 'uid' when reviews are submitted. This can be used to post a review under someone else's logged in penname.
It is very easy to exploit this vulnerability, either by creating a dummy review page or by using one of the many freely available browser extensions which allow you to tamper with form data before it is sent.
Whilst this does not give anyone access to another person's account, it can certainly be used to pretend you are someone that you're not.
This can be fixed fairly easily with a few new lines of code around line 122 on ./reviews.php
Contact me if more information is needed.
Bump. Should be fixed in 3.3.1.
Moving to solved.
Whoever said nothing is impossible never tried slamming a revolving door.
url: https://www.potionsandsnitches.org/fanfiction
php: 7.4.33 msql: 5.6.51-community GPL
efic version: 3.5.5 latest patches: yes
bridges: none mods: challenges, tracker, story end, beta, word
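
The class of fix the report points to, shown as an added example that is not eFiction's code or the patch that shipped in 3.3.1: the vulnerable pattern trusts the submitted 'reviewer' and 'uid' fields, while the hardened one takes identity from the server-side session. The function names, the session keys 'uid' and 'penname', and the anonymous-review handling are assumptions made for illustration.

```php
<?php
// Added illustration, not eFiction's code. The field names 'reviewer' and 'uid'
// come from the report; session keys and function names are hypothetical.

// Vulnerable pattern: the author of the review is whatever the form says.
function review_author_from_form(array $post): array
{
    return [
        'uid'      => (int) ($post['uid'] ?? 0),
        'reviewer' => (string) ($post['reviewer'] ?? ''),
    ];
}

// Hardened pattern: a logged-in user's identity comes only from the session.
// $isRegistered is a hypothetical lookup: true if the name is a member's penname.
function review_author_from_session(array $session, array $post, callable $isRegistered): array
{
    if (!empty($session['uid'])) {
        // Logged in: client-supplied 'uid' and 'reviewer' are ignored entirely.
        return ['uid' => (int) $session['uid'], 'reviewer' => (string) $session['penname']];
    }
    // Anonymous (assumed to be allowed): uid is forced to 0 and the free-text
    // name must not collide with a registered penname.
    $name = substr(trim((string) ($post['reviewer'] ?? '')), 0, 60);
    if ($name === '' || $isRegistered($name)) {
        throw new InvalidArgumentException('Reviewer name missing or reserved.');
    }
    return ['uid' => 0, 'reviewer' => $name];
}

// Constructed sample data: alice (uid 7) is logged in, the form was altered
// in transit to claim bob's identity (uid 42).
$session  = ['uid' => 7, 'penname' => 'alice'];
$tampered = ['uid' => '42', 'reviewer' => 'bob', 'review' => 'Great chapter!'];
$isRegistered = fn(string $n): bool => in_array(strtolower($n), ['alice', 'bob'], true);

print_r(review_author_from_form($tampered));                              // stored as bob
print_r(review_author_from_session($session, $tampered, $isRegistered));  // stored as alice

// The same rule applied to an anonymous visitor claiming a member's penname.
try {
    review_author_from_session([], $tampered, $isRegistered);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```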
