
Thread: Hacking ads bypass in ClassiPress 3.x.x - Hole Security

  1. #1
    Thread Starter
    Member patrickjose's Avatar
    Join Date
    Dec 2012
    Location
    Brazil
    Posts
    83
    Thanks
    1
    Thanked 25 Times in 15 Posts

    Hacking ads bypass in ClassiPress 3.x.x - Hole Security

    Well, the scenario is:

You have ClassiPress 3.2.1 running and you have set it up to charge for ads (packs) and to charge for featured ads.

Step 1) Your registered user fills out the form and selects the package he wants, and the featured option if he wants it. Both will charge the registered user;

Step 2) The registered user will see the summary of the ad with the value to charge, e.g. 40 USD, and he will select the desired payment method.

Step 3) He will be redirected to the gateway processor or will receive the instructions for the payment.

Sounds good, huh? No problem here at all...

But when the user goes to his dashboard he will see his ad with the "waiting payment" status and the "delete ad" link.

Here is the hole: the link to "delete ad" looks like: ?aid=777&action=delete

If the user has some knowledge of ClassiPress, PHP or even some logic, he can change the action via post.

As far as I know, ClassiPress has some actions like pause, delete, renew, restart, setsold, unsetsold.

I can simply change it to ?aid=777&action=pause and hit enter, and I'll get my ad paused and voilà!

It will bring me more actions like edit, delete, restart, setsold.

Well, as I want to make it visible, let's restart my ad! Change the URL to ?aid=777&action=restart or just click on the restart button.

Your ad will be visible to anyone and you don't have to pay for it.

Very, very simple!

    I hope AppThemes Team could fix this asap!

If you want to fix it, just open tpl-dashboard.php

Look for:

PHP Code:
$delete_url = add_query_arg( array( 'aid' => $post->ID, 'action' => 'delete' ), CP_DASHBOARD_URL );
echo '<a onclick="return confirmBeforeDelete();" href="' . $delete_url . '" style="display: block;">' . __('Delete Ad', 'appthemes') . '</a>';
and comment them out by adding // in front of both lines:

    PHP Code:
    //$delete_url = add_query_arg( array( 'aid' => $post->ID, 'action' => 'delete' ), CP_DASHBOARD_URL );
    //echo '<a onclick="return confirmBeforeDelete();" href="' . $delete_url . '" style="display: block;">' . __('Delete Ad', 'appthemes') . '</a>'; 
    You will find it on lines 172-173 and 184-185

    and on lines 195-196 you can delete those lines:

PHP Code:
<?php $delete_url = add_query_arg( array( 'aid' => $post->ID, 'action' => 'delete' ), CP_DASHBOARD_URL ); ?>
<a onclick="return confirmBeforeDelete();" href="<?php echo $delete_url; ?>" title="<?php _e('Delete Ad', 'appthemes'); ?>"><img src="<?php bloginfo('template_directory'); ?>/images/cross.png" title="<?php _e('Delete Ad', 'appthemes'); ?>" alt="<?php _e('Delete Ad', 'appthemes'); ?>" border="0" /></a>&nbsp;&nbsp;
This will prevent your users from "hacking" your ads.



I think other AppThemes products use the same code as ClassiPress, so be careful and wait for an update/fix from the AppThemes Team.



    This security issue was found by PatrickJose

  2. The Following 9 Users Say Thank You to patrickjose For This Useful Post:

    appouser (January 25th, 2013), bleem (January 22nd, 2013), mohsinoffline (February 1st, 2013), mzaha (January 28th, 2013), ositech (April 4th, 2014), samanders (January 26th, 2013), samcy (January 23rd, 2013), seocoach (January 30th, 2013), waylandltd (January 28th, 2013)
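Removing the "delete" link, as the post above suggests, only hides one entry point; the underlying problem is that the dashboard handler trusts whatever `action` arrives in the query string without checking whether that transition is allowed for an ad that has not been paid for. The following is an added example written for this thread, not code from ClassiPress or AppThemes. It shows the server-side check a defender would put in front of the existing pause/delete/restart code: an allow-list of actions per ad status, an ownership check, and a nonce so a hand-edited URL is rejected. The status names (`pending`, `publish`, `draft`, `expired`), the `cp_example_*` function names and the nonce action name are assumptions; map them to the theme's real post statuses before use.

```php
<?php
// Added example (not ClassiPress code): server-side allow-list for dashboard
// ad actions, keyed on the ad's current status. Status and action names are
// assumptions modelled on the thread; adapt them to the theme's real statuses.

// Which actions each ad status may accept. An ad still awaiting payment may
// only be deleted; it must never be restarted, paused or marked sold by the
// owner, because those transitions are what make it visible without paying.
const CP_EXAMPLE_ALLOWED_ACTIONS = array(
    'pending' => array( 'delete' ),                                  // assumed: "waiting payment"
    'publish' => array( 'pause', 'edit', 'delete', 'setsold', 'unsetsold', 'renew' ),
    'draft'   => array( 'restart', 'edit', 'delete' ),               // assumed: owner-paused ad
    'expired' => array( 'renew', 'delete' ),
);

/**
 * Decide whether $user_id may run $action on an ad with the given status and owner.
 * Pure function, so it can be exercised without WordPress loaded.
 */
function cp_example_action_allowed( $status, $action, $owner_id, $user_id ) {
    if ( (int) $owner_id !== (int) $user_id ) {
        return false; // not the owner: reject before even looking at the action
    }
    if ( ! isset( CP_EXAMPLE_ALLOWED_ACTIONS[ $status ] ) ) {
        return false; // unknown status: fail closed
    }
    return in_array( $action, CP_EXAMPLE_ALLOWED_ACTIONS[ $status ], true );
}

/**
 * Hypothetical dashboard handler showing where the check sits. It uses real
 * WordPress APIs (absint, sanitize_key, wp_verify_nonce, get_post,
 * get_current_user_id, wp_die); the nonce action string is an assumption and
 * must match the one used when the dashboard links are rendered with wp_nonce_url().
 */
function cp_example_handle_dashboard_action() {
    $aid    = isset( $_GET['aid'] ) ? absint( $_GET['aid'] ) : 0;
    $action = isset( $_GET['action'] ) ? sanitize_key( $_GET['action'] ) : '';
    $nonce  = isset( $_GET['_wpnonce'] ) ? (string) $_GET['_wpnonce'] : '';

    // The nonce ties the request to a link the dashboard actually rendered for
    // this ad and this action, so a hand-edited ?action=restart URL fails here.
    if ( ! wp_verify_nonce( $nonce, 'cp_dashboard_action_' . $aid . '_' . $action ) ) {
        wp_die( __( 'Invalid request.', 'appthemes' ), '', array( 'response' => 403 ) );
    }

    $post = get_post( $aid );
    if ( ! $post || ! cp_example_action_allowed( $post->post_status, $action, $post->post_author, get_current_user_id() ) ) {
        wp_die( __( 'You cannot perform that action on this ad.', 'appthemes' ), '', array( 'response' => 403 ) );
    }
    // Only now dispatch to the existing pause/delete/restart/setsold code.
}

// Stand-alone demonstration with constructed values (runs without WordPress).
if ( PHP_SAPI === 'cli' && ! function_exists( 'get_post' ) ) {
    $cases = array(
        array( 'pending', 'delete',  7, 7, true  ),  // owner deleting an unpaid ad: fine
        array( 'pending', 'pause',   7, 7, false ),  // first step of the bypass: blocked
        array( 'pending', 'restart', 7, 7, false ),  // the bypass itself: blocked
        array( 'publish', 'pause',   7, 7, true  ),  // paid, live ad may be paused
        array( 'publish', 'pause',   7, 9, false ),  // someone else's ad: blocked
        array( 'bogus',   'delete',  7, 7, false ),  // unknown status: fail closed
    );
    foreach ( $cases as list( $status, $action, $owner, $user, $expected ) ) {
        $got = cp_example_action_allowed( $status, $action, $owner, $user );
        printf( "%-8s %-8s owner=%d user=%d -> %-7s %s\n", $status, $action, $owner, $user,
            $got ? 'allowed' : 'denied', $got === $expected ? 'OK' : 'MISMATCH' );
    }
}
```

Run it from the command line to see the policy table exercised against the sequence the thread describes (pause, then restart, on an unpaid ad); inside WordPress the `cp_example_handle_dashboard_action()` function would be wired to the dashboard request and the allow-list would be the single place to audit when a new action such as `renew` or `setsold` is introduced. The point of keeping the policy in a pure function is that it can be tested in isolation, which a link-hiding fix in the template cannot be.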

  3. #2
    samcy's Avatar
    Join Date
    Mar 2012
    Location
    Germany
    Posts
    12,098
    Thanks
    121
    Thanked 1,756 Times in 1,442 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!
    Rolf Hassel (Samcy)

  4. #3
    joelsonmiranda's Avatar
    Join Date
    Dec 2012
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!

  5. #4
    gregjones's Avatar
    Join Date
    Mar 2012
    Location
    United Kingdom
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!

  6. #5
    Junior Member sick's Avatar
    Join Date
    Mar 2012
    Location
    United States
    Posts
    29
    Thanks
    4
    Thanked 4 Times in 2 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!
    aj270303 likes this.

  7. #6
    Veteran bleem's Avatar
    Join Date
    Feb 2012
    Posts
    1,571
    Thanks
    103
    Thanked 205 Times in 180 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!
    aj270303 likes this.

  8. #7
    mzaha's Avatar
    Join Date
    Sep 2012
    Location
    Brazil
    Posts
    131
    Thanks
    39
    Thanked 5 Times in 5 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!

  9. #8
    mzaha's Avatar
    Join Date
    Sep 2012
    Location
    Brazil
    Posts
    131
    Thanks
    39
    Thanked 5 Times in 5 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!

  10. #9
    seoagent's Avatar
    Join Date
    Jul 2012
    Location
    Edmonton, AB, Canada
    Posts
    660
    Thanks
    136
    Thanked 86 Times in 74 Posts

This is a top priority issue and needs to be addressed today.

    You must be an AppThemes customer and logged in to view this response. Join today!
    When in doubt: Read, Ask, Do. G+

  11. #10
    meloniq's Avatar
    Join Date
    May 2011
    Location
    Poland
    Posts
    1,076
    Thanks
    17
    Thanked 178 Times in 159 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!
    Have Clipper website?! --> You need coupons importer!!!
    See available integrations with affiliate networks: Commission Factory, CJ Affiliate, Daisycon, Rakuten LinkShare, ShareASale, Tradedoubler, TradeTracker

    Payment gateways: Bitpay, Dotpay, PayU PL, Przelewy24, Skrill

    me @ AT || meloniq.net

  12. The Following User Says Thank You to meloniq For This Useful Post:

    seoagent (January 29th, 2013)
