Jump to content


Photo
- - - - -

FURL - IPS intends to fix this?

Started by *José Antonio, Oct 30 2011 10:19 AM

  • Please log in to reply
25 replies to this topic

#21 Fast Lane!

Fast Lane!

    Advanced Member

  • +Clients
  • 334 posts

Posted 14 March 2012 - 01:21 AM

So if I were an evil person then I would write a script to basically repeatedly query that url and increment the post number, collecting topic titles. I would log all that came back with the "restricted" message in the html body but save the title tag. I could use that data to collect what otherwise was likely considered private information.

Seems like an issue.

#22 Matt

Matt

    Chief Software Architect

  • IPS Management
  • 25,999 posts

Posted 14 March 2012 - 07:15 AM

Guys, it's already been fixed.

If you have access to the client forum, grab the topic ID and try and access it via the old index.php?showtopic=x method while logged out.

Matt Mecham
Invision Power Services, Inc.
"I love deadlines. I especially like the whooshing sound they make as they go flying by."
-- Douglas Adams (1952 - 2001)

#23 *José Antonio

*José Antonio

    IPB Newbie

  • +Clients
  • 30 posts

Posted 14 March 2012 - 02:56 PM

Guys, it's already been fixed.

If you have access to the client forum, grab the topic ID and try and access it via the old index.php?showtopic=x method while logged out.

Hello Matt, I tested here and it seems that has not been fixed yet.

Access this URL without being logged: "community.invisionpower.com/index.php?app=forums&module=forums&section=findpost&pid=2240126"
Chaves e chapolin são 10... ou melhor, são 1000

-----

Posted Image

-----

Posted Image Posted Image

-----

#24 CalendarOfUpdates

CalendarOfUpdates

    Advanced Member

  • +Clients
  • 353 posts

Posted 14 March 2012 - 03:15 PM

Hello Matt, I tested here and it seems that has not been fixed yet.

Access this URL without being logged: "community.invisionpower.com/index.php?app=forums&module=forums&section=findpost&pid=2240126"

I can confirm that I can get the topic title from that link in IE 9 and FF 10.0.2.

#25 Matt

Matt

    Chief Software Architect

  • IPS Management
  • 25,999 posts

Posted 15 March 2012 - 04:51 AM

Thanks. It's fixed now. :)

Matt Mecham
Invision Power Services, Inc.
"I love deadlines. I especially like the whooshing sound they make as they go flying by."
-- Douglas Adams (1952 - 2001)

#26 *José Antonio

*José Antonio

    IPB Newbie

  • +Clients
  • 30 posts

Posted 15 March 2012 - 10:20 AM

Thanks. It's fixed now. :smile:

Now is perfect!

Thank you very much Matt Posted Image
Chaves e chapolin são 10... ou melhor, são 1000

-----

Posted Image

-----

Posted Image Posted Image

-----
Back to IP.Board


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Invision Power Services
  2. IPS Client Services
  3. IPS Software and Company Feedback
  4. Community Suite Feedback
  5. IP.Board
  6. Privacy Policy
  7. Community Rules ·