Go4Expert (http://www.go4expert.com/)
Forum: Content Management System (http://www.go4expert.com/forums/content-management-system/)
Thread: In Xenforo Photopost Any user can be logged in as admin (http://www.go4expert.com/forums/xenforo-photopost-user-logged-admin-t30095/)

shabbir, 11 May 2014, 10:46

In Xenforo Photopost Any user can be logged in as admin
 
When working on Photopost for a client, I found a bug in Photopost when integrated with Xenforo where any user with the same IP as the admin can log in as admin and perform all admin operations on photos.

In the file forums/xenforo.php, on line 317, the code is as follows:
Code:

// Looks the user up by IP address alone: every session that shares this IP
// (NAT, proxy, shared host) matches, and the first row returned wins.
$query2 = "SELECT user_id FROM {$Globals['dprefix']}session_activity WHERE ip = '{$session_data['ip']}'";
$results = ppmysql_query($query2,$ppdb_link);
list( $cookuser) = $ppdb['fetch_row']($results);

It fetches the user id from the session_activity table, where the user's IP matches the IP address of the current session. After getting the user id, it queries the usergroups permission table to fetch the user's permissions. Now if the user is on the same IP as the admin, the user gets the permissions of the admin and can edit / modify as well as delete photos from Photopost.

The solution that I used was to comment out the above 3 lines and use the user id from the session data, i.e. adding the following line just after the above 3 lines.
Code:

// Use the user id bound to the authenticated session instead of an IP match.
$cookuser = $session_data['user_id'];

I tried posting the same in the Photopost bugs forum, but as I don't have a Photopost Pro account I could not do it; I will definitely try to email them about the issue.
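The lookup described in the post, as an added illustration that is not part of the original post and not Photopost's or XenForo's code: a constructed, simplified stand-in for the session_activity table is loaded into an in-memory SQLite database, the IP-keyed query from the post is run beside the session-bound lookup from the fix, and an ordinary user sharing the admin's IP is resolved both ways. The table prefix "xf_", the column layout, the user table and all user ids and addresses are assumptions made for the example.

```python
import sqlite3

# Assumed table prefix; the post reads it from $Globals['dprefix'].
PREFIX = "xf_"


def build_fixture():
    """Constructed fixture: a cut-down session_activity table and a user table.
    The real XenForo tables carry more columns; only what the lookup touches is modelled."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE {PREFIX}session_activity (user_id INTEGER, ip TEXT);
        CREATE TABLE {PREFIX}user (user_id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER);
        INSERT INTO {PREFIX}user VALUES (1, 'admin', 1), (7, 'mallory', 0), (9, 'bob', 0);
        -- admin and mallory sit behind the same NAT / proxy address (constructed data)
        INSERT INTO {PREFIX}session_activity VALUES (1, '203.0.113.5');
        INSERT INTO {PREFIX}session_activity VALUES (7, '203.0.113.5');
        INSERT INTO {PREFIX}session_activity VALUES (9, '198.51.100.9');
    """)
    return conn


def resolve_user_by_ip(conn, session_data):
    """Mirrors the original lookup: the only key is the session's IP and the first
    matching row wins, so an IP shared with the admin resolves to the admin."""
    row = conn.execute(
        f"SELECT user_id FROM {PREFIX}session_activity WHERE ip = ?",
        (session_data["ip"],),
    ).fetchone()
    return row[0] if row else None


def users_sharing_ip(conn, ip):
    """Every user_id the IP-keyed query can match. More than one means the lookup
    is ambiguous and the resulting privilege depends on row order, not on who logged in."""
    rows = conn.execute(
        f"SELECT user_id FROM {PREFIX}session_activity WHERE ip = ?", (ip,)
    ).fetchall()
    return sorted(r[0] for r in rows)


def resolve_user_from_session(session_data):
    """The fix from the post: trust the user_id already bound to the authenticated session."""
    return session_data["user_id"]


def is_admin(conn, user_id):
    row = conn.execute(
        f"SELECT is_admin FROM {PREFIX}user WHERE user_id = ?", (user_id,)
    ).fetchone()
    return bool(row and row[0])


def run_demo():
    """Resolve an ordinary user who shares the admin's IP both ways and report the outcome."""
    conn = build_fixture()
    mallory = {"user_id": 7, "ip": "203.0.113.5"}  # ordinary user, same IP as admin
    bob = {"user_id": 9, "ip": "198.51.100.9"}     # ordinary user on an IP nobody else uses
    return {
        "shared_ip_candidates": users_sharing_ip(conn, mallory["ip"]),
        "mallory_by_ip": resolve_user_by_ip(conn, mallory),
        "mallory_by_ip_is_admin": is_admin(conn, resolve_user_by_ip(conn, mallory)),
        "mallory_by_session": resolve_user_from_session(mallory),
        "mallory_by_session_is_admin": is_admin(conn, resolve_user_from_session(mallory)),
        "bob_by_ip": resolve_user_by_ip(conn, bob),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Bob, alone on his IP, resolves correctly either way, which is why the bug is easy to miss in testing; it only shows once two sessions share an address. Whether the shared-IP user lands on the admin row or on their own also depends on nothing more than the order the database returns rows in, so the IP-keyed query is wrong even when it happens to return the right id.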
