HWBOT-841

Moderator exploit when switching teams

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: hwbot v4.6.12
    • Labels: None

      Description

      It is currently possible to exploit the moderator functionality.

      1. Create a new team; you are made moderator of this team.
      2. Switch to another team.
      3. Your moderator role is removed in the database, but as long as your session is active, you can do moderator stuff for the other team.

      Tested here: http://hwbot.org/submission/2323486_devroush_superpi_core_i7_q720m_15sec_631ms (in submission history you can see edited by tempUser)

        Activity

        Dennis Devriendt added a comment -
        Easily fixed: update the user object in the session object.
        Build Server added a comment -
        Integrated in HWBOT v4 #2551 (See [http://dev.hwbot.org/job/HWBOT%20v4/2551/])
        HWBOT-841 Moderator exploit when switching teams
        dennis :
        Files :
        * /hwbot/trunk/src/main/java/org/hwbot/web/actions/ProfileController.java
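
The stale-session behaviour from the description and the fix named in the first comment, modelled in plain Java. This is an added example, not HWBOT's code: one Map stands in for the HTTP session and another for the database, and all class, method, team and user names are hypothetical. It assumes the permission check reads the role from the session copy and the team from the database, which the page does not state.

```java
import java.util.HashMap;
import java.util.Map;

public class StaleSessionRoleDemo {
    // Constructed model: User is the row in the "database"; the session Map
    // stands in for the HTTP session and holds a copy made at login.
    record User(String name, String team, boolean moderator) {}

    static final Map<String, User> db = new HashMap<>();

    static Map<String, Object> login(String name) {
        Map<String, Object> session = new HashMap<>();
        session.put("user", db.get(name));
        return session;
    }

    // Team switch: the database row loses the moderator role. With
    // refreshSession=false the session copy is left as it was (reported bug);
    // with true it is replaced, which is the fix named in the comment.
    static void switchTeam(Map<String, Object> session, String newTeam, boolean refreshSession) {
        User cached = (User) session.get("user");
        User row = new User(cached.name(), newTeam, false);
        db.put(row.name(), row);
        if (refreshSession) session.put("user", row);
    }

    // Assumed check behind the bug: role from the session copy, team from the database.
    static boolean canModerate(Map<String, Object> session, String team) {
        User cached = (User) session.get("user");
        return cached.moderator() && db.get(cached.name()).team().equals(team);
    }

    // Stricter variant: role and team are both re-read from the database, so a
    // second session of the same user that was never refreshed is covered too.
    static boolean canModerateFresh(Map<String, Object> session, String team) {
        User row = db.get(((User) session.get("user")).name());
        return row.moderator() && row.team().equals(team);
    }

    public static void main(String[] args) {
        db.put("demoUser", new User("demoUser", "newTeam", true)); // constructed sample data
        Map<String, Object> s = login("demoUser");
        switchTeam(s, "otherTeam", false);
        System.out.println("stale session: " + canModerate(s, "otherTeam"));
        System.out.println("db re-check:   " + canModerateFresh(s, "otherTeam"));
        switchTeam(s, "otherTeam", true);
        System.out.println("after refresh: " + canModerate(s, "otherTeam"));
    }
}
```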

          People

          • Assignee: Dennis Devriendt
          • Reporter: Dennis Devriendt
          • Votes: 0
          • Watchers: 0
