Rev Potential exploit.

Status
Not open for further replies.

Dan Smith

Member
Sep 10, 2011
64
3
Basically, I believe that Rev is XXS cross scriptable.

All that's needed is to set your motto to <script>alert('XXS')</script> and on online, it sends an alert.


Does anybody have a fix for this?

The fix will be largely appreciated!

Also, you may want to know:
What is XXS?




-Dan :D
 

Clit

Posting Freak
Feb 25, 2012
1,065
103
My exact point. At the end of the day, whatever you say, it is un-professional!
No respect for this hotel now.

Yet, this is not about your hotel, it's about the exploit.
No harm can possibly be done. Someone really come up with something 12 characters or less that will harm/malfunction/or change w/o permission your hotel/website.
 

Xyro

Elite Member
Oct 28, 2011
340
100
> you're a wannabe fresh-hotel, you cannot tell me you are going to discipline for that. facepalm.jpg

How exactly are they wannabe Fresh-hotel? That's actually really pathetic coming from you to be honest. If they wanted to be fresh, they'd be copying everything that Fresh does. But are they? No. You're flaming at a kid that could probably end up being the reason why RevCMS is more secure. Maybe the XSS script is a threat, maybe it's not but you need to stop hating on people who are actually bringing useful information into this community and start doing that yourself.
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,934
By default in RevCMS, you cannot change your motto? - Also, I'm almost sure it's filtered in Phoenix? (Could be wrong) - Thirdly, if your staff do this - you hired some fucking idiots.
 

Tomm

The Legend
Aug 19, 2012
191
92
> How exactly are they wannabe Fresh-hotel? That's actually really pathetic coming from you to be honest. If they wanted to be fresh, they'd be copying everything that Fresh does. But are they? No. You're flaming at a kid that could probably end up being the reason why RevCMS is more secure. Maybe the XSS script is a threat, maybe it's not but you need to stop hating on people who are actually bringing useful information into this community and start doing that yourself.

At the end of the day - it's not supposed to be there. Therefore, it's a problem and liable to be brought up on DevBest. Stop talking shit; you're wrong.
 

Find

Posting Freak
Jun 21, 2012
597
189
> No respect for this hotel now.
>
> Yet, this is not about your hotel, it's about the exploit.
> No harm can possibly be done. Someone really come up with something 12 characters or less that will harm/malfunction/or change w/o permission your hotel/website.

Actually if I went on a hotel and there were messages just popping up whenever I went on certain pages, that could say something like "cunt" etc. it would put me off the hotel :) To me that seems like harm?
 

Tomm

The Legend
Aug 19, 2012
191
92
> By default in RevCMS, you cannot change your motto? - Also, I'm almost sure it's filtered in Phoenix? (Could be wrong) - Thirdly, if your staff do this - you hired some fucking idiots.

Every user can do this on the /online page, this is the problem.
 

Clit

Posting Freak
Feb 25, 2012
1,065
103
> At the end of the day - it's not supposed to be there. Therefore, it's a problem and liable to be brought up on DevBest. Stop talking shit; you're wrong.

Opinion matter.

> How exactly are they wannabe Fresh-hotel? That's actually really pathetic coming from you to be honest. If they wanted to be fresh, they'd be copying everything that Fresh does. But are they? No. You're flaming at a kid that could probably end up being the reason why RevCMS is more secure. Maybe the XSS script is a threat, maybe it's not but you need to stop hating on people who are actually bringing useful information into this community and start doing that yourself.

Really pathetic coming from me, as if that's supposed to mean something, not hating on anyone actually.
 

Find

Posting Freak
Jun 21, 2012
597
189
> By default in RevCMS, you cannot change your motto? - Also, I'm almost sure it's filtered in Phoenix? (Could be wrong) - Thirdly, if your staff do this - you hired some fucking idiots.

If they change their motto via client it would appear on the online users page for their motto, and also it can't be seeing as we're using v3.8.1 licensed Phoenix and it works :) and like we've said multiple times it's not staff doing it that's a problem, it's users.
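
An added example, not part of any post in this thread and not RevCMS code: the thread asks for a fix and none is posted, so this sketch shows the usual one, HTML-encoding the motto at the point where the online-users page prints it. The function names, the `username` and `motto` array keys and the sample rows are assumptions made for illustration.

```php
<?php
// Added example; not taken from RevCMS. The rows below stand in for whatever
// the online-users query returns. Field names are assumed.

/** Vulnerable form: stored values are concatenated into the page as-is. */
function render_online_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['username'] . '</td><td>' . $user['motto'] . '</td></tr>';
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened form: every user-controlled field is encoded on output. */
function render_online_row(array $user): string
{
    return '<tr><td>' . h($user['username']) . '</td><td>' . h($user['motto']) . '</td></tr>';
}

// Constructed sample rows: the motto from the first post, plus an ordinary
// motto containing characters that must survive encoding unchanged on screen.
$users = [
    ['username' => 'Dan',   'motto' => "<script>alert('XXS')</script>"],
    ['username' => 'Guest', 'motto' => 'Tom & Jerry "fan"'],
];

echo "<table>\n";
foreach ($users as $user) {
    // The browser now shows the motto as literal text instead of running it.
    echo render_online_row($user), "\n";
}
echo "</table>\n";
```

Because the motto can also be changed through the client, as the last post points out, encoding where the value is printed covers every path that writes it, which filtering only the CMS form would not.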
 