RsWebClients, January 10, 2021 in Technical Problems
One of my members found an exploit: being able to post unlimited chars in his profile fields.
I'm not sure if this is an Invision problem or a theme problem?
Log a ticket with support.
What type of field do you have defined? Is anything being exploited here?
It seems that there is certainly an attempt at an exploit, or in making you think there is one from the presence of eval() in the submitted text, yet have they managed to exploit anything on your site?
It seems they just saved a profile full of text, which if these are editor fields, are just like posts without limit.
The "About Me" field is an editor field which uses a MEDIUMTEXT database field, meaning it can likely hold almost 16 million characters. This isn't an exploit (unless you have defined a maximum length for the field in the AdminCP which has been exceeded, although I wouldn't recommend doing so).
What is the "exploit" specifically? I can't see any problem in your screenshot. If he just submitted a bunch of text to an editor field...that's not an exploit. You can post the same stuff there that you can post in a forum post basically.