Exploit. #27

ConniBug · 2021-04-15T19:49:51Z

People are able to register the same phone number because we dont check for it here in MemberFunction.js

    var check = await Members.find({
        $or: [{ email: email }, { tag: tag }],
    });

But if we add the phone number check and make sure they dont use the same number during verification like this

    var check = await Members.find({
        $or: [{ email: email }, { tag: tag }, { phonenumber: phonenumber, phonenumber_verified: true }],
    });

So that if the number has been setup and verified they cant use the same number twice that should fix the issue

But if someone adds there phone number doesnt verify it but then someone else adds the number then verifys it, as someone else has already got that number on record but unverified issues could start to appear with verification, and im unsure how we want to handle this.

The text was updated successfully, but these errors were encountered:

ConniBug · 2021-04-15T19:51:51Z

We could 100% add a check that runs on verification of a number to check if anyone else has added that number but not verified it then remove it but that could be chocky and i feel like there are maybe better solutions

#27 #27

ConniBug · 2021-04-15T20:08:26Z

Potential Fix
e2c4e2d

ConniBug added bug Something isn't working help wanted Extra attention is needed labels Apr 15, 2021

ConniBug assigned ConniBug and GGKLuke Apr 15, 2021

ConniBug pushed a commit that referenced this issue Apr 15, 2021

Potential Exploit fix for issue

e2c4e2d

#27 #27

ConniBug pinned this issue Apr 15, 2021

ConniBug closed this as completed Feb 1, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Exploit. #27

Exploit. #27

ConniBug commented Apr 15, 2021

ConniBug commented Apr 15, 2021

ConniBug commented Apr 15, 2021

Exploit. #27

Exploit. #27

Comments

ConniBug commented Apr 15, 2021

ConniBug commented Apr 15, 2021

ConniBug commented Apr 15, 2021