Announcement

Collapse
No announcement yet.

[Release v2.0.3] PasswordHack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    any demo please ! thanks !

    Comment


    • #17
      there's a demo on the first Post and that's what i can't see

      Comment


      • #18
        go to your control panel
        click on modify (Forums and Moderators)
        choose a board and insert a password, up to now this board is password protected

        Comment


        • #19
          Is it just me or is this the most un-secure password protect set-up around?

          Please don't think me rude.......I installed this and there are holes everywhere.

          First of all I have vbportal installed. Understandably....this was not written to accomidate that but aside fro those holes in the vb forum itself there is the link at the top of the main forum page "Active Posts" (or something like that).........then there is the little button by the membername in the table on the main forum page for "last post" (or something).....then there is the search feature.......do a search on the membername you see as the last poster in the forum nad with the results you are in......plus...once someone gets in.....if they never log out.....you can't get them out.....they will be able to waltz right in without any logins or anything.....and let's not forget about clicking on the membername of the last poster on the front of that forum and in his profile there is the link to a post inside and you are in again.

          Is there any updates to this hack that will close all these holes?

          I really want this to work because I don't want to make the forum private...it is too much work to add all the names

          Thanks in advance....drives
          Last edited by Flack Jacket; Tue 23 Oct '01, 11:06pm.

          Comment


          • #20
            You can see the titel of the postings but you canĀ“t access the boards wich are protected. This is only a "see the topic title hole"

            Comment


            • #21
              then is it a cookie thing that allows me to get in that forum from all these links everywhere?

              I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

              The only time I can't get in is if I am not logged into the board

              Comment


              • #22
                Originally posted by drives_fast
                then is it a cookie thing that allows me to get in that forum from all these links everywhere?

                I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

                The only time I can't get in is if I am not logged into the board
                yes this is right, if you insert the correct password you are able to access the board every time, this settings are in your profile in the database, see in the instruction file from the hack there you can find my suggestions for the next version:
                unsubscribe a password protected board.

                Comment


                • #23
                  is there any way to get those that have already gotten in through a hole out?

                  is it possible to code in that the cookie not be set for access to the protected forum?

                  in other words.....make it so everyone with the password have to put it in every time they visit that forum?

                  I have some that got in.......I need to be able to get them out

                  Comment


                  • #24
                    Well....after further investigation....there are definately holes in this.

                    I registered a name and then tried to access the protected forum......could not get in.....good.

                    I removed all instances of "view new posts" or anything similar

                    went to the search feature.....typed in a name of someone that posted in the protected forum.....boom...there are the links and yes.....you can click them and get in. (mind you that I never entered a password to access the protected forum before trying these things)

                    backed out of that and went to that members profile and clicked on the last post (in the protected forum) and boom.....in again

                    So I say....there are holes in this.

                    I tried these thing on your board (afterburner) and they did not work......maybe some tweaks you did to yours that aren't documented in the installation file?

                    I really want this to work but need some help to make it either not search and list threads in protected forums from every angle or something......

                    anybody....please?
                    Last edited by Flack Jacket; Wed 24 Oct '01, 4:33pm.

                    Comment


                    • #25
                      did you modified the showtopic.php correctly ? I have the same code in the description of the hack than in my board.


                      PHP Code:
                      download the showthread.php and make a backup of this file

                      look 
                      for this code (ca 205):

                      if (!
                      $thread['visible']) {
                        
                      $idname="thread";
                        eval(
                      "standarderror(\"".gettemplate("error_invalidid")."\");");
                        exit;
                      }

                      $forum=getforuminfo($thread['forumid']);

                      add below this code:

                      // Password-Hack-by Afterburner-Start 
                      if ($forum['password']) {
                      $boardid="userspezial$thread[forumid]";
                      if (
                      $bbuserinfo[$boardid] != 1) { 
                      eval(
                      "standarderror(\"".gettemplate('fehler_password_showtopic')."\");"); 
                      exit; 

                      }
                      // Password-Hack-by Afterburner-End

                      upload the showthread.php

                      Comment


                      • #26
                        yes...I have that in there exactly as you shoed it

                        do you think it could be this:....."userspezial$thread" instead of spelled "userspecial$thread" that is causing the problem?

                        My board is in english

                        Comment


                        • #27
                          userspezial$thread is the correct version
                          with z not with c

                          Comment

                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                          Working...
                          X