Hi there,
The image rating has been working great for months, but now some pages, like this one
http://www.dualmonitorbackgrounds.com/abstract/Petroleum.jpg.html are screwing up. It shows:
Rating:
751,456.9/5 (127 votes)
Not sure what's causing that. Any ideas?
Comments
`http://www.dualmonitorbackgrounds.com/themes/dmb/db.php
?j=499999
&q=39
&t=68.122.159.210
&c=500000`
I'm sorry, I tested it on this image to find the exploit -- http://www.dualmonitorbackgrounds.com/abstract/MyBalls.jpg.html . It originally had a rating of 1.1 with 17 votes, you probably want to change the db back.
There's no limit to how high that number can go, because the maximum vote is controlled by the query attribute `'c'`. That's bad, and allows anyone to modify the query URL to make whatever vote they want, even one that's more sly and less obvious... (like on this one, for example: http://www.dualmonitorbackgrounds.com/abstract/Tentacles.jpg.html I changed its rating from 3.3 w/ 7 votes to 5.0 w/ 8 votes with some quick math).
In db.php, change `$units = $_REQUEST['c'];` to `$units = 5;` to make the votes max out at 5 and reject all others, regardless of the query value.
unacceptable
php code amateur
bye
is only a small bug
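The server-side check discussed in the comments above, shown before and after the fix. This is an added example, not part of the thread and not the site's actual db.php. It assumes `j` carries the submitted vote (the thread only states that `c` sets the maximum); the function names and `MAX_UNITS` are hypothetical.

```php
<?php
// Added example. Assumption: 'j' = submitted vote, 'c' = client-supplied maximum.

const MAX_UNITS = 5; // the ceiling lives on the server, as the fix in the thread suggests

// Before: the ceiling is read from the request, so the comparison proves nothing.
function vote_allowed_vulnerable(array $req): bool
{
    $vote  = (int) ($req['j'] ?? 0);
    $units = (int) ($req['c'] ?? 0); // caller-controlled
    return $vote <= $units;
}

// After: 'c' is ignored; only whole numbers from 1 to MAX_UNITS are accepted.
// Returns the validated vote, or null when the request must be rejected.
function vote_allowed_hardened(array $req): ?int
{
    $vote = filter_var(
        $req['j'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_UNITS]]
    );
    return $vote === false ? null : $vote;
}

// Constructed sample requests; the first uses the j/q/c values from the URL in the thread.
$samples = [
    ['j' => '499999', 'q' => '39', 'c' => '500000'],
    ['j' => '4',      'q' => '39', 'c' => '5'],
    ['j' => '0',      'q' => '39', 'c' => '5'],
    ['j' => '-3',     'q' => '39', 'c' => '5'],
    ['j' => '5abc',   'q' => '39', 'c' => '5'],
    ['q' => '39'], // vote missing entirely
];

foreach ($samples as $req) {
    printf(
        "j=%-8s c=%-8s vulnerable=%-5s hardened=%s\n",
        $req['j'] ?? '(none)',
        $req['c'] ?? '(none)',
        var_export(vote_allowed_vulnerable($req), true),
        json_encode(vote_allowed_hardened($req))
    );
}
```

The hardened check also rejects zero, negative and non-numeric votes, which a bare `$units = 5;` comparison would let through.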