You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the Ayamel production site, the "Create an Account" form accepts almost anything as input.
For example, I can put it a single character into the username form, and as long as it isn't a username that is already taken, thus an account can be created account without inputting any of the other information.
Similar issues are occurring on the beta site as long as matching passwords are typed in. For example I was able to create a user named ' OR SELECT * WHERE '1' = '1 (this didn't return any info from the database... but still...)
Anyways, since we are going to get rid of this functionality for Y-Video/future updates, it might be a good idea to get rid of it ASAP just in case.
The text was updated successfully, but these errors were encountered:
In the Ayamel production site, the "Create an Account" form accepts almost anything as input.
For example, I can put it a single character into the username form, and as long as it isn't a username that is already taken, thus an account can be created account without inputting any of the other information.
Similar issues are occurring on the beta site as long as matching passwords are typed in. For example I was able to create a user named ' OR SELECT * WHERE '1' = '1 (this didn't return any info from the database... but still...)
Anyways, since we are going to get rid of this functionality for Y-Video/future updates, it might be a good idea to get rid of it ASAP just in case.
The text was updated successfully, but these errors were encountered: