Silk Road forums

Support => Customer support => Topic started by: offbeatadam on August 23, 2013, 11:28 pm

Title: Discovered a problem...
Post by: offbeatadam on August 23, 2013, 11:28 pm
So, to at least mitigate a little risk, I don't intend or want to post what got displayed to me when finalizing an order. However, I'd like to know what to do about it.

Should I open a support ticket on the site?

It wasn't names or anything, don't get me wrong, but it was an output that wasn't at all associated with what I was doing. It wasn't getting logged into someone else, and it wasn't getting logged out. It was just text, probably a leftover print/echo from development.
Title: Re: Discovered a problem...
Post by: cirrus on August 24, 2013, 04:02 am
Was it a lot of random feedback related code?

Title: Re: Discovered a problem...
Post by: offbeatadam on August 24, 2013, 04:28 am
Was it a lot of random feedback related code?

No. Not even close. The only way it could be associated with feedback is that it happened when I was leaving feedback. To that extent, yes, it is feedback related. It's not actually code - though it could be construed as such. It's actual information.

Let me clarify, it happened after I hit "submit" on the feedback form, following using the finalize link. The feedback posted fine, and no issues were noticed there. This happened en-route to the next stop after posting the feedback.
Title: Re: Discovered a problem...
Post by: doublebass69 on August 24, 2013, 05:03 am
Got the same thing. Looked at it a bit, didn't look dangerous, just values of different items of the screen. The HTML code, I think. Should probably be fixed though.
Title: Re: Discovered a problem...
Post by: offbeatadam on August 24, 2013, 05:08 am
Got the same thing. Looked at it a bit, didn't look dangerous, just values of different items of the screen. The HTML code, I think. Should probably be fixed though.

Nope. This isn't HTML. Ultimately I know what it is and where it is from, but I'm trying to avoid giving too much away on purpose.
Title: Re: Discovered a problem...
Post by: convergedlight on August 24, 2013, 05:54 am
Yeah, I saw the same thing. Looked like a PHP array of some kind printed to the screen for debug purposes and left enabled by mistake.
Title: Re: Discovered a problem...
Post by: gundoors on August 24, 2013, 07:38 am
I believe I received similar output when performing my finalization today.  I AM concerned.  Like offbeatadam suggests, it isn't anything as blatant as User Credentials, however it was a lot of user information that I should never be able to see.

Like offbeatadam, I'm reluctant to describe a lot of details. It isn't HTML, it is 'kinda' JavaScript-like, but more like debug output than anything else. However, based on what I see as I parse through it (reorganize for readability), it looks like records of ALL of the feedback I have ever given.

In any case, this makes me worried.  If I'm seeing this level of information at an incorrect time, is anyone else "accidentally" seeing account information that they shouldn't?

OffBeatAdam, open a support ticket. PM me if you are curious about how I organized the output in a text editor to look at it more rationally.
Title: Re: Discovered a problem...
Post by: SelfSovereignty on August 24, 2013, 08:09 am
You guys sound awfully scary being all vague like :P

Everyone who leaves feedback the past day or so has seen it (or will). It's only your own feedback history, no one else's. It's not terribly dangerous. The fact that it's visible at all is unsettling, sure, but this specific bug is a minor problem.
Title: Re: Discovered a problem...
Post by: WhiteShark on August 24, 2013, 08:12 am
There are several threads about this

http://dkn255hz262ypmii.onion/index.php?topic=206376.0

http://dkn255hz262ypmii.onion/index.php?topic=206481


http://dkn255hz262ypmii.onion/index.php?topic=206101.0

Looks like it's a bug that DPR should have fixed soon. Apparently no sensitive info is disclosed
Title: Re: Discovered a problem...
Post by: ChemCat on August 24, 2013, 08:20 am
This Should be in "Bug Reports" 


Just Sayin...


Peace,

ChemCat 

                         O0