by CommitSyn
1254 days ago
Ask him for a demo URL where he tests his plugin, send him a message to grab his admin cookie (don't make it complicated, just make it ping your server with a 1px '/xss.jpg + document.cookie' and check your web logs), set your cookie as his to open his wp-admin and change something. Demonstrate why it's such a big deal since he is clearly a security novice. And yes, if there's anything I've learned about WooCommerce plugins and WordPress plugins in general, it's to be very careful.
Here’s what he wrote to me (and his talk of manners would be fair if it were justified - he went on the attack as soon as I said there was XSS in his plugin).
-
“ok
Thank for the advice i will try to follow it.
well there is nothing about hacking your site with some text well that is a joke i will suggest you to change your university and most importantly learn some manners for talking with unknowns, seniors and any one in this world
Education doesn't teach us to earn from it. it teaches us how to behave and live a life without hurting anyone.
I'm a developer and having years of experience but you are a student and it's your learning stage, not for coding or anything like it but most importantly manners
coming back to your words. no one in this world can hack your site through the order notes nor any one wants today you are saying me joke of coding without knowing anything tomorrow you will be the joker of coding even the joker of computer science
i have developed you what you wanted and at that time you were agreed on it and now after month you learn something new and come back to me to misbehave with me and i think after 10 years you will again come and say to me something new that will be more interesting ”