Re: Security issues with YSmods Voucher Plugin

adam

Administrator
Staff member
Dec 5, 2009
I've moved your post down a place in this thread so it's not seen by non-ys in users (only this post will be seen).
 

enricodias4654

Member
YetiShare User
Jan 13, 2015
Security issues with YSmods Voucher Plugin

Hello,

ysmods doesn't exist anymore, I know, but I must warn everybody who bought this plugin about some security flaws that I've found.

The plugin doesn't implement security checks in the payments. Resellers can tweak the html form and order any amount of vouchers with a 99% discount.

Resellers can also exploit the download feature to download vouchers from other resellers. The plugin creates a txt file on the server in the same folder with the same name to write the vouchers, without locks. If 2 resellers use this feature at the same time, one of them will see vouchers from the other. An automated script may exploit this by making 1 request per second, all day every day.

And what was the relation between ysmods and mfscripts anyway? What happened?
 

adam

Administrator
Staff member
Dec 5, 2009
And what was the relation between ysmods and mfscripts anyway? What happened?
>>> He came and worked for us for about 3 months but it didn't work out unfortunately.
 

relinkto4664

New Member
YetiShare User
YetiShare Supporter
Reservo User
Reservo Supporter
Jan 1, 1970
enricodias4654 said:
Hello,

ysmods doesn't exist anymore, I know, but I must warn everybody who bought this plugin about some security flaws that I've found.

The plugin doesn't implement security checks in the payments. Resellers can tweak the html form and order any amount of vouchers with a 99% discount.


Resellers can also exploit the download feature to download vouchers from other resellers. The plugin creates a txt file on the server in the same folder with the same name to write the vouchers, without locks. If 2 resellers use this feature at the same time, one of them will see vouchers from the other. An automated script may exploit this by making 1 request per second, all day every day.

And what was the relation between ysmods and mfscripts anyway? What happened?

Do you mean this site?
/plugins/vouchers/site/index.php

I don't know which version you have, but my plugin stores the codes in the DB
db » Select: plugin_vouchers

There are no textfiles stored at the server.
If you give me more details about this exploit I could fix the security issues.

Best regards
 

enricodias4654

Member
YetiShare User
Jan 13, 2015
brainbreaker said:
Do you mean this site?
/plugins/vouchers/site/index.php

I don't know which version you have, but my plugin stores the codes in the DB
db » Select: plugin_vouchers

There are no textfiles stored at the server.
If you give me more details about this exploit I could fix the security issues.

Best regards

The plugin has an option to download the codes. This download creates a txt file and writes the codes to it. The problem is that the plugin creates the file with the same name, and if 2 resellers use this function at the same time, 2 PHP threads will write to the same file (no lock used) and one reseller will get the other reseller's vouchers.

This vulnerability can be exploited by creating a bot to use this function every second (or many times per second) and get the codes from other resellers.

To fix the issue, just prevent the plugin from writing this file. It's possible to send the headers and the codes without writing them to a file.
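
The fix suggested in the post above, shown as an added example (not the plugin's code and not written by anyone in this thread): the download body is built per request from a query scoped to the logged-in reseller and sent straight to the response, so no shared file exists for two requests to race on. The table name `plugin_vouchers` comes from the thread; the columns `id`, `reseller_id` and `code` and both function names are hypothetical.

```php
<?php
// Added example: hypothetical download handler, not the plugin's own code.
// Assumed names: columns id / reseller_id / code, and both function names.
declare(strict_types=1);

/**
 * Build the download body for exactly one reseller, entirely in memory.
 * Nothing is written to disk, so concurrent requests share no file.
 */
function buildVoucherExport(PDO $db, int $resellerId): string
{
    // The id must come from the authenticated session, never from a
    // request parameter the client can change.
    $stmt = $db->prepare(
        'SELECT code FROM plugin_vouchers WHERE reseller_id = :rid ORDER BY id'
    );
    $stmt->execute([':rid' => $resellerId]);
    $codes = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return implode("\r\n", $codes) . "\r\n";
}

/** Send the export as a file download without touching the filesystem. */
function sendVoucherExport(PDO $db, int $resellerId): void
{
    $body = buildVoucherExport($db, $resellerId);
    header('Content-Type: text/plain; charset=utf-8');
    header('Content-Disposition: attachment; filename="vouchers.txt"');
    header('Content-Length: ' . strlen($body));
    header('Cache-Control: no-store');           // keep proxies from caching codes
    header('X-Content-Type-Options: nosniff');
    echo $body;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE plugin_vouchers
               (id INTEGER PRIMARY KEY, reseller_id INTEGER, code TEXT)');
    $db->exec("INSERT INTO plugin_vouchers (reseller_id, code) VALUES
               (1, 'AAAA-1111'), (2, 'BBBB-2222'), (1, 'AAAA-3333')");
    echo "reseller 1:\n", buildVoucherExport($db, 1);
    echo "reseller 2:\n", buildVoucherExport($db, 2);
}
```

If a temporary file cannot be avoided, a per-request name from `tempnam()` or a `php://temp` stream removes the shared path that the race depends on.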
 

simon

New Member
YetiShare User
Wurlie User
Reservo User
Jan 11, 2014
Hi,

We have just released our vouchers plugin. For more information please go to https://mfscripts.com/blog/new-yetishare-voucher-reseller-plugin-offer-premium-voucher-codes-on-your-website

Kind regards,