then let report the vulnerability to developer and
please tell me what is vulnerable in this script.
2. Go to Menu, Click Game
3. Add Game
4. At Game Content, enter your xss code. for example:
<script>document.body.innerHTML="your text here"</script><noscript>
look at the result
yeah i can see that.
but that is a error in game section only. if i come back to my home page everything is well. then how my site get hacked ??
This is simple example.If someone use xss code,it will distroy ur website within seconds.
Ok give ur site link.I will show u :-D
okay i understand.
Let me report the vulnerability to developer of script.
If you never purchase this script..you put yourself in big trouble by doing that.he already aware of this vulnerability.
I have a purchased scripts so I must contact them. I have reported to developer. Let wait for there reply.
Read response from author on script page.
Yeah I have already read that. I have sent a email to author to fix. after fix I will share you retail version. And they anyone nulled that.
pRocrea8 added ans for how to prevent xss attack through games feature:
"Truly allowing embed of flash codes from untrusted website is not good, so the next coming update has the feature to upload a flash(.swf) games in which admin can allow embed of codes by only admins (trusted members)
But for now before the update arrive you can disable the ability for your members to add games to prevent this attack
Go to admincp -> configurations -> games
Thanks pRocrea8"
see here:
http://codecanyon.net/item/crea8social-p...70/support