
Re: Critical Security issue in Messaging Service

Active Member
Md. Shihab U Member Since: Oct 7, 2015
1 of 12

Please check the link below. I have recorded the screen and uploaded the video to YouTube.

 

https://www.youtube.com/watch?v=EoKtyfWgnPA

Community Guru
Jean S Member Since: Oct 22, 2007
2 of 12

Is it that the message system is not connected to Upwork but is run by a different server or management system?

Active Member
Md. Shihab U Member Since: Oct 7, 2015
3 of 12

I don't think so. When we log out, the current session and cookies get deleted so that the user can't view anything without logging in again, but when we are logged out from the site we can still send messages and read new messages from clients until we reload the messaging page. I think before sending a message or receiving a message the system should check if the user is logged in or not.
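A minimal model of the check this post asks for, as an added example that is not part of the original thread and not Upwork's code. The class names, the in-memory session table and the sample user are hypothetical; the thread does not say how the messaging service is actually built.

```python
import secrets

class SessionStore:
    """Server-side session table: token -> user. Logout deletes the entry."""
    def __init__(self):
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def logout(self, token):
        self._sessions.pop(token, None)

    def user_for(self, token):
        return self._sessions.get(token)

class MessagingChannel:
    """Long-lived connection opened when the messaging page loads (hypothetical)."""
    def __init__(self, store, token, check_every_message):
        user = store.user_for(token)
        if user is None:
            raise PermissionError("not logged in")
        self._store, self._token = store, token
        self._user_at_open = user  # identity captured once, at page load
        self._check_every_message = check_every_message
        self.delivered = []

    def send(self, text):
        if self._check_every_message:
            # Hardened: re-validate the session on every send, so logout takes effect.
            user = self._store.user_for(self._token)
            if user is None:
                raise PermissionError("session ended; log in again")
        else:
            # Weak: trust the identity captured when the channel was opened.
            user = self._user_at_open
        self.delivered.append((user, text))
        return True

def send_after_logout(check_every_message):
    """Open a channel, log out, then try to send; return the texts that got through."""
    store = SessionStore()
    token = store.login("freelancer-1")  # constructed sample user
    channel = MessagingChannel(store, token, check_every_message)
    channel.send("before logout")
    store.logout(token)
    try:
        channel.send("after logout")
    except PermissionError:
        pass
    return [text for _, text in channel.delivered]
```

With the per-message check off, the message sent after logout is still delivered until the channel is reopened, which matches the behaviour reported in the video; with it on, only the pre-logout message goes through.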

Community Guru
Jennifer M Member Since: May 17, 2015
4 of 12

Does the message actually send though? You see it in the window as sent, but that doesn't mean it was actually sent.

Active Member
Md. Shihab U Member Since: Oct 7, 2015
5 of 12

Didn't you notice I logged in again to check if the message was sent or not? And the message was sent; I checked by re-logging in.

Community Guru
Jennifer M Member Since: May 17, 2015
6 of 12

You see it but is it actually sent? The customer can confirm that.

 

I've suspected that part of the messaging system issue is the sessions, so people type a message and it never goes through because they're logged out. This would follow along with my theory, but I'm just guessing.

 


Active Member
Md. Shihab U Member Since: Oct 7, 2015
7 of 12

I am confirming to you the message was sent. I have checked it by re-logging in after deleting the browser cache. Yesterday my client also replied to my message.

Active Member
Md. Shihab U Member Since: Oct 7, 2015
9 of 12

I have checked from my phone's messaging app. And the message was there too.

Community Guru
Claudia Z Member Since: Jul 28, 2015
10 of 12

At 3:20 it prompts to remember the password. Maybe it's something to do with how the browser saves cookies/password...

 

 

I could replicate the exact behaviour on Facebook. Don't have someone to check this on Upwork :)
