
Fancy Gallery exploit discovered

willc says

[link removed]

Hoping this gets fixed ASAP.

wpbns says

I noticed this posting today and I’m also very concerned.

I am wondering why the developer hasn’t replied (here). I sent him a message and hope that he’ll fix this and reply soon. Security issues are always a primary concern of mine.

Or, did you hear directly from the developer that this has been fixed already?

Thanks, Gary

KingDog staff says

Good idea on contacting the author. If you don’t hear back from him, please contact Support as well. I removed the link to prevent possible problems. Thanks!

willc says

I posted it in the comments of the plugin page and the author replied. He didn’t seem to understand what he was looking at (the exploit code). Not a good sign.

I also submitted a ticket directly to Envato and was told it was being escalated, but I haven’t heard from them in three days. Also not a good sign.

radykal says

Sorry guys. Thanks for pointing me to this. I am already working on a fix and a secure upload.

willc says

> Good idea on contacting the author. If you don’t hear back from him, please contact Support as well. I removed the link to prevent possible problems. Thanks!

I did file a ticket about this. Three days ago I was told the ticket was being elevated, then today I got this response:

> Hello,
>
> I am currently away on vacation celebrating another year of being alive :-)
>
> I will not be able to respond to emails. If this is an urgent matter please contact http://support.envato.com who would be happy to assist you.
>
> I will reply to your email as soon as possible upon my return. Thank you for your patience and have a great day!
>
> Kind Regards, Drew

That doesn’t bode well for the level of perceived concern Envato places on the security of the products sold through your marketplace.

VF says

^ willc, was your first contact made through the support channel or by direct message to Drew? From my experience, this kind of gap has no chance to occur if a ticket is opened on support.

willc says

> ^ Your first contact made through support channel or direct message to Drew? From my experience, this kind of gaps has no chance to occur through support.

I went back and looked, and the first response I got was from Drew on the 28th:

> Hi Will,
>
> Thank you for your email to Envato support. I am forwarding this along to the necessary staff for inspection, we’ll be in touch as soon as we can. Thanks!
>
> Please let me know if I can be of further assistance.
>
> Kind Regards, Drew

Then the next thing I got was the message above about Drew’s vacation today.

VF says

^ You can open a support ticket and mention the ticket ID on Twitter for a faster response: https://twitter.com/#!/envato_support

CodingJack says

> Then the next thing I got was the message above about Drew’s vacation today.

Yes but Radykal just posted here that he’s currently working on a fix. Some bugs are easy to fix, some more difficult, so give him a few days and there will probably be an update that you can download from your downloads page.
