Restricted Forums Security Exploit Help

  • Hartmut
    replied
    That seems to be a problem with the permissions, checking them could solve this issue.


  • MrFunEGUY
    replied
    I'm almost positive the permissions are set up correctly, but I will check again.


  • Mark.B
    replied
    The activity stream follows all forum permissions, so you have your permissions set up wrongly for this to be happening.


  • Amaury
    replied
    Check that specific forum's permissions.

    What are they set to for Registered Users?


  • AliMadkour
    replied
    Strange! Do you face that problem with all members or this member only? What happens if the user tries to access the thread from the URL?


  • MrFunEGUY
    started a topic [Forum] Restricted Forums Security Exploit Help

    Restricted Forums Security Exploit Help

    Okay, so here's the problem. On the forums that me and some other people manage, we have a forum section for Staff Members only. These forums can only be viewed and posted in by users in a staff usergroup (Admin, Moderator, etc.). However, I just became aware of the fact that friends of staff members could also see what the staff members were posting in these restricted forums by going to their own profile and looking at their activity. Here's an example:

    [Image: Screen Shot 2013-01-20 at 10.04.39 PM.png]

    The user "Sate" would be able to see that the user "Dragons5439" posted in a restricted forum by going onto his own profile page. The forums we are using are currently running vBulletin 4.2 Patch Level 2. Does level 3 happen to resolve this issue?