Astra-Development / Discord-Bot-List-v3

Free Discord Bot List Server List Website
https://discord.gg/sQQFSnQhdt
MIT License

BUG #24

Open kardespro opened 3 weeks ago

kardespro commented 3 weeks ago

First of all, hello! In this GitHub project, when we change the number of stars in the comment made to the Bot/Server to 0.9999999999 or 99999999999 in the Repeater with Burp Suite, it is not possible to access the bot/server page where the comment was made.

You can install and test it locally yourself.

Regards, NEGO

johnandreopoulos commented 3 weeks ago

> First of all, hello! In this GitHub project, when we change the number of stars in the comment made to the Bot/Server to 0.9999999999 or 99999999999 in the Repeater with Burp Suite, it is not possible to access the bot/server page where the comment was made.
>
> You can install and test it locally yourself.
>
> Regards, NEGO

Thank you for raising this issue. The current code does not include an edit function for the comments. Additionally, please note that we no longer provide support for the source code.

If you have any further questions, feel free to ask.

kardespro commented 3 weeks ago

Hello, I am not talking about the "edit" function. It is created when a new comment is posted.

johnandreopoulos commented 3 weeks ago

> Hello, I am not talking about the "edit" function. It is created when a new comment is posted.

Could you please provide more information about the issue you're facing? Specifically, it would be helpful if you could include any error messages or console log outputs, as well as any relevant errors from your EJS templates.

kardespro commented 3 weeks ago

No, I did not use this template myself, but I found this BUG on sites that use this template.

This error occurs when you send a new comment and set the starCount to 0.9999. Please install it locally and test it yourself.

When I change the starcount to 0.9999, an error occurs when I try to enter the page again.

johnandreopoulos commented 3 weeks ago

> No, I did not use this template myself, but I found this BUG on sites that use this template.
>
> This error occurs when you send a new comment and set the starCount to 0.9999. Please install it locally and test it yourself.
>
> When I change the starcount to 0.9999, an error occurs when I try to enter the page again.

Thank you for raising this issue. I have made some changes to the comment system.

I believe the problem is now solved.

If you encounter any further problems, please provide more information, including any error messages or console log outputs, as well as any relevant errors from your EJS templates.

kardespro commented 3 weeks ago

Thanks for fixing it.

In my opinion (just my opinion), SQL injection may occur in the params in the file I specified below, for example { "$ne": null }, and anything you want can be done with it, but you should try it locally.

File Link
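
An added example, not code from this repository or its maintainers: one way to validate a new comment on the server so that a `starCount` such as 0.9999999999 or 99999999999, or an object such as `{ "$ne": null }` sent in place of a string, is rejected before it is stored or used in a query. It assumes whole-star ratings from 1 to 5 and hypothetical `botID` and `content` fields; only `starCount` is named in the thread.

```javascript
// Added example. Assumptions: ratings are whole stars from 1 to 5, and
// `botID` / `content` are hypothetical field names; only `starCount`
// appears in the thread.
const MIN_STARS = 1;
const MAX_STARS = 5;

// Accept only a non-empty string. A parsed JSON or form body can carry an
// object such as { "$ne": null } where a string is expected; passed into a
// MongoDB-style filter unchanged, it is read as a query operator.
function asPlainString(value, maxLen) {
  if (typeof value !== "string") return null;
  const trimmed = value.trim();
  return trimmed.length > 0 && trimmed.length <= maxLen ? trimmed : null;
}

// Accept only a whole number of stars inside the allowed range.
function asStarCount(value) {
  let n;
  if (typeof value === "number") n = value;
  else if (typeof value === "string" && /^\d+$/.test(value)) n = Number(value);
  else return null; // fractions, signs, exponents, arrays, objects
  return Number.isInteger(n) && n >= MIN_STARS && n <= MAX_STARS ? n : null;
}

// Returns { ok: true, value } with normalized fields, or { ok: false, errors }.
function validateComment(body) {
  const input = body !== null && typeof body === "object" ? body : {};
  const value = {
    botID: asPlainString(input.botID, 32),
    content: asPlainString(input.content, 500),
    starCount: asStarCount(input.starCount),
  };
  const errors = Object.keys(value).filter((k) => value[k] === null);
  return errors.length > 0 ? { ok: false, errors } : { ok: true, value };
}

// Constructed sample request bodies (not captured traffic).
const samples = [
  { botID: "1234567890", content: "Great bot", starCount: "4" },
  { botID: "1234567890", content: "Great bot", starCount: "0.9999999999" },
  { botID: "1234567890", content: "Great bot", starCount: 99999999999 },
  { botID: { $ne: null }, content: "Great bot", starCount: 5 },
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(validateComment(s)));
}
```

Run the check in the route that accepts the comment, before any database call, and use only the returned `value` from that point on.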