07-23-2022, 11:46 PM
(07-23-2022, 11:03 PM)MyBBHacks Wrote: I checked the download file and changes are there.
Did you replace the ezgallery.php and ezgalleryuser.php in the root of your mybb install with the ones from the zip file?
So sorry hacks, I am such a clutz! I did forget all those extra files, concentrating too much on the folders I think! Doh!
It's now all working correctly except for one last thing. Its only a small thing I can live with because not many, if anyone would really do it. It it can be done!
If you copy and paste this link: http://mylovedoll.uk/ezgallery.php?su=user&cat=2&u=1 into the address bar, you are stopped from seeing the users private gallery. However, just change the last number and you are into the users private gallery and can see all the thumbnails of the images. However you can't open an image.
This is the only thing now that I can find. Well done on your work, outstanding. If you can fix great, but if not its still 98% secure
Tagcloud now doesn't show new private images, and the icon on images doesn't open private gallerys
Great!I do have a couple more request as I get deeper into the use of the gallery, but these aren't private vulnerabilities so I'll put them in feature request, if that's OK? I'll also do some tests on passwords tonight.
Gary
