bra1n / judgebooth

Interactive Judge Booth
http://booth.magicjudges.org

Security Issue: admin-suggest exposed to public #16

Open Takeno opened 6 years ago

Takeno commented 6 years ago

The admin-suggest API is not protected by an ACL and it is open. It uses a LIKE query, so it can potentially be used for DDoS.
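One way to gate and bound a suggest endpoint like the one reported above, added here as an illustration and not judgebooth's own code. The `users` table, the session `role` field, the function names, and the length and result limits are all assumptions; the sample rows are constructed.

```python
import sqlite3

# Assumed policy values, not taken from the project.
MIN_TERM_LEN, MAX_TERM_LEN, MAX_RESULTS = 3, 64, 10


class Forbidden(Exception):
    """Caller lacks the role the endpoint's ACL requires."""


def escape_like(term, esc="\\"):
    """Neutralise LIKE metacharacters so user input matches literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def admin_suggest(db, session, term):
    """Return at most MAX_RESULTS name suggestions for an admin caller."""
    # ACL check first: callers without the role never reach the database.
    if session is None or session.get("role") != "admin":
        raise Forbidden("admin role required")
    term = term.strip()
    # Reject very short or very long terms before running any query.
    if not MIN_TERM_LEN <= len(term) <= MAX_TERM_LEN:
        return []
    # Prefix match only, bound parameters, explicit ESCAPE, hard LIMIT.
    rows = db.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' "
        "ORDER BY name LIMIT ?",
        (escape_like(term) + "%", MAX_RESULTS),
    ).fetchall()
    return [row[0] for row in rows]


def demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?)",
        [("alice",), ("alicia",), ("bob",), ("al_pha",), ("50%off",)],
    )
    return db
```

A prefix pattern (`term%`) can use an index where the database supports it, unlike a leading-wildcard pattern (`%term%`), which forces a scan of every row.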