197 lines
9.4 KiB
HTML
197 lines
9.4 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
|
|
<!-- Mirrored from dsipaint.com/helpdesk/view.php?id=12661 by HTTrack Website Copier/3.x [XR&CO'2017], Sat, 08 Apr 2023 14:16:56 GMT -->
|
|
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=UTF-8" /><!-- /Added by HTTrack -->
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
|
|
<meta name="viewport" content="width=device-width" />
|
|
<meta name="description" content="3DSPaint: Games and Apps for the Nintendo 3DS Internet Browser" />
|
|
<meta name="keywords" content="3D Photo Gallery, 3DS Photo Gallery, Upload 3D Photos, Upload 3DS Photos, MPO, 3DSPaint, 3DS Opera SDK, Nintendo 3DS, 3DS, JavaScript, video games" />
|
|
<link rel="shortcut icon" href="../../external.html?link=https://dsipaint.com/favicon.ico" />
|
|
<link rel="apple-touch-icon" href="../apple-touch-icon.html" />
|
|
<link rel="stylesheet" href="../stylee993.css" type="text/css" />
|
|
<link rel="stylesheet" href="../lighte993.css" type="text/css" />
|
|
<script type="text/javascript">
|
|
function parse(json){
|
|
return (typeof JSON == 'object') ? JSON.parse(json) : eval(json);
|
|
}
|
|
|
|
var _gaq = _gaq || [];
|
|
_gaq.push(['_setAccount', 'UA-702344-11']);
|
|
_gaq.push(['_trackPageview']);
|
|
(function() {
|
|
var ga = document.createElement('script');
|
|
ga.type = 'text/javascript';
|
|
ga.async = true;
|
|
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
|
|
var s = document.getElementsByTagName('script')[0];
|
|
s.parentNode.insertBefore(ga, s);
|
|
})();
|
|
</script>
|
|
<title>Help Desk Request - Identity Theft (kinda)</title>
|
|
<script type="text/javascript">
|
|
'use strict';
|
|
var xhrKeepAlive = new XMLHttpRequest();
|
|
|
|
function keep_alive(){
|
|
xhrKeepAlive.open('GET.html', '../../external.html?link=https://dsipaint.com/includes/keepalive.php', true);
|
|
xhrKeepAlive.send(null);
|
|
setTimeout(keep_alive, 60000);
|
|
}
|
|
function mark_dupe(obj){
|
|
if(obj.checked){
|
|
document.getElementById('c_resolved').disabled=true;
|
|
}else{
|
|
document.getElementById('c_resolved').disabled=false;
|
|
}
|
|
}
|
|
|
|
window.onload = function(){
|
|
setTimeout(keep_alive, 60000);
|
|
}
|
|
</script>
|
|
</head>
|
|
<body style="background: url(../images/backgrounds/background0.png)">
|
|
|
|
<div style="padding:2px; text-align:center">
|
|
<a href="../../external.html?link=https://dsipaint.com/"><img src="../images/logo.png" alt="Logo" /></a>
|
|
</div>
|
|
|
|
<div class="menu_section" style="padding:0px">
|
|
|
|
|
|
<div class="menu_section">
|
|
<div class="nav_avatar">
|
|
<a onclick="showLogin();"><img src="../avatars_site/0.png" alt="Login" title="Login" /></a>
|
|
</div>
|
|
|
|
<div class="nav_div">Welcome, Guest.</div>
|
|
<div class="nav_div">
|
|
<a onclick="showLogin();">Login</a> | <a href="../../external.html?link=https://dsipaint.com/register.php">Register</a>
|
|
</div>
|
|
|
|
<div id="divLogin" style="display:none" >
|
|
<form action="#" method="post">
|
|
Username: <input type="text" name="username" class="form_field" /><br />
|
|
Password: <input type="password" name="password" class="form_field" /><br />
|
|
Remember me: <input type="checkbox" value="true" name="remember" /><br />
|
|
<input type="submit" value="Login" class="form_button" />
|
|
</form>
|
|
</div>
|
|
</div>
|
|
<script type="text/javascript">
|
|
function showLogin(){
|
|
document.getElementById('divLogin').style.display='block';
|
|
}
|
|
</script>
|
|
|
|
</div>
|
|
|
|
<h1>Help Desk Request - Identity Theft (kinda)</h1>
|
|
<div class="menu_section" style="margin-bottom:10px; padding:0px">
|
|
<div class="zebra">
|
|
<img src="../avatars_site/0.png" alt="Avatar" class="avatar" />
|
|
By <a href="../../external.html?link=https://dsipaint.com/member?id=138471">Untitled</a><br />
|
|
04 Aug 2021 11:31<br />
|
|
Category: Bug Report </div>
|
|
<div class="zebra">
|
|
While browsing the 3D photo gallery on 3dspaint on my 3ds, I saw a picture I was interested in viewing. This much is normal. I clicked on the photo, viewed it, rated it, and clicked the home button when something strange caught my eye as I left the page. Where it says "Welcome Untitled" (for me) next to the Logout button, I saw it saying welcome to a different username.
|
|
<br />
|
|
<br />Of course, this was strange, so I instantly went back to the page to make sure I wasn't going crazy. I wasn't. A different username took my spot. Upon further investigation of various 3d photos, my fidings were this:
|
|
<br />
|
|
<br />When you view a 3d photo from someone's gallery, the site temporarily gives you the owner's username, avatar, background, and theme (light or dark).
|
|
<br />Essentially, when you view a 3d photo from the gallery, you steal the owner's identity.
|
|
<br />This shouldn't be a security issue, since it seems that when you leave, you revert back to your normal self, but I am not educated enough in website security to make that call, so please look into this quickly if you think it may be a matter of member security threat. I don't expect that people with malicious intent would check the 3d photo gallery though for bugs.... (After all, who uses the 3d photo gallery these days...?)
|
|
<br />
|
|
<br /> </div>
|
|
<div class="zebra">
|
|
Resolved: No<br />
|
|
<label class="tag tag_default">Bug Report</label>
|
|
<label class="tag tag_medium">Medium</label>
|
|
<label class="tag tag_default">0 hr</label>
|
|
<div class="clear_div"></div>
|
|
</div>
|
|
</div>
|
|
|
|
<h1>Responses</h1>
|
|
<div class="menu_section" style="margin-bottom:10px; padding:0px">
|
|
<div class="zebra">
|
|
<img src="../images/art_gallery/244380.html" alt="Avatar" class="avatar" />
|
|
By <a href="../../external.html?link=https://dsipaint.com/member?id=140519">@GuiedGui</a><br />
|
|
05 Aug 2021 06:07 </div>
|
|
<div class="zebra">
|
|
I swear this is mentioned elsewhere as well.
|
|
<br />
|
|
<br />But yeah, was thinking the same thing Hull was. Not a hard fix, and it should not be a security issue </div>
|
|
<div class="zebra">
|
|
<img src="../images/art_gallery/174170.html" alt="Avatar" class="avatar" />
|
|
By <a href="../../external.html?link=https://dsipaint.com/member?id=1">@HullBreach</a><br />
|
|
05 Aug 2021 01:11 </div>
|
|
<div class="zebra">
|
|
It's going to just be a display issue, but it does need to be resolved. Generally, pages will include details for 2 users: The currently logged in one and the one who owns the content of that page. The code is most likely just pulling the wrong one in the display. </div>
|
|
</div>
|
|
<h1>History</h1>
|
|
<div class="menu_section" style="margin-bottom:10px; padding:0px;">
|
|
<div class="zebra">
|
|
<img src="../images/art_gallery/244380.html" alt="Avatar" class="avatar" />
|
|
<a href="../../external.html?link=https://dsipaint.com/member?id=140519">@GuiedGui</a> left a reply. <br />
|
|
05 Aug 2021 06:07 </div>
|
|
<div class="zebra">
|
|
<img src="../images/art_gallery/174170.html" alt="Avatar" class="avatar" />
|
|
<a href="../../external.html?link=https://dsipaint.com/member?id=1">@HullBreach</a> set the priority. <br />
|
|
05 Aug 2021 01:11 </div>
|
|
<div class="zebra">
|
|
<img src="../images/art_gallery/174170.html" alt="Avatar" class="avatar" />
|
|
<a href="../../external.html?link=https://dsipaint.com/member?id=1">@HullBreach</a> left a reply. <br />
|
|
05 Aug 2021 01:11 </div>
|
|
<div class="zebra">
|
|
<img src="../avatars_site/0.png" alt="Avatar" class="avatar" />
|
|
<a href="../../external.html?link=https://dsipaint.com/member?id=138471">@Untitled</a> created this request. <br />
|
|
04 Aug 2021 11:31 </div>
|
|
</div>
|
|
|
|
<div style="margin:5px; text-align:center">
|
|
<a href="../../external.html?link=https://dsipaint.com/"><img class="icon" src="../images/icons/icon_home.html" alt="Home" /></a>
|
|
<a href="../../external.html?link=https://dsipaint.com/helpdesk"><img class="icon" src="../images/icons/icon_back.html" alt="Help Desk Home" /></a>
|
|
</div>
|
|
|
|
|
|
<div style="font-size:10px; text-align:center">
|
|
Nintendo 3DS is ™ Nintendo Co. Ltd.
|
|
This website is ©2009-2023 HullBreach Studios. All rights reserved.
|
|
Members are responsible for their own content.
|
|
No account information will be given to third-parties without your consent.
|
|
</div>
|
|
|
|
<div id="divAlertPopup" class="alerts_popup menu_section"></div>
|
|
<script type="text/javascript">
|
|
var AlertPopupObj = new XMLHttpRequest();
|
|
function refreshMyPopupAlerts(){
|
|
AlertPopupObj.open('GET.html', '../../external.html?link=https://dsipaint.com/includes/ajax.section.my_alert_popup.php', true);
|
|
AlertPopupObj.send(null);
|
|
AlertPopupObj.onreadystatechange = function(){
|
|
if(AlertPopupObj.readyState>2 && AlertPopupObj.status>=400){
|
|
AlertPopupObj.onreadystatechange = function(){ setTimeout(refreshMyPopupAlerts, 60000); }
|
|
AlertPopupObj.abort();
|
|
return;
|
|
}
|
|
if(AlertPopupObj.readyState==4){
|
|
if(AlertPopupObj.responseText){
|
|
var divAlertPopup = document.getElementById('divAlertPopup'),
|
|
alerts = [];
|
|
try{ alerts = eval(AlertPopupObj.responseText); }catch(err){ }
|
|
if(alerts.length){
|
|
var alertString = '',
|
|
index = 0;
|
|
while(index<alerts.length){
|
|
alertString += 'New <a href="/mymessageviewer.php?message='+alerts[index].mess+'">Message</a> from <a href="/member?id='+alerts[index].id+'">'+alerts[index].name+'</a>';
|
|
index++;
|
|
}
|
|
divAlertPopup.innerHTML = alertString;
|
|
divAlertPopup.style.display = 'block';
|
|
}else{
|
|
divAlertPopup.style.display = 'none';
|
|
}
|
|
}
|
|
setTimeout(refreshMyPopupAlerts, 10000);
|
|
}
|
|
}
|
|
}
|
|
refreshMyPopupAlerts();
|
|
</script>
|
|
|
|
</body>
|
|
|
|
<!-- Mirrored from dsipaint.com/helpdesk/view.php?id=12661 by HTTrack Website Copier/3.x [XR&CO'2017], Sat, 08 Apr 2023 14:16:56 GMT -->
|
|
</html>
|