Announcement

Collapse
No announcement yet.

[Release v2.0.3] PasswordHack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Afterburner
    replied
    userspezial$thread is the correct version
    with z not with c

    Leave a comment:


  • Flack Jacket
    replied
    yes...I have that in there exactly as you shoed it

    do you think it could be this:....."userspezial$thread" instead of spelled "userspecial$thread" that is causing the problem?

    My board is in english

    Leave a comment:


  • Afterburner
    replied
    did you modified the showtopic.php correctly ? I have the same code in the description of the hack than in my board.


    PHP Code:
    download the showthread.php and make a backup of this file

    look 
    for this code (ca 205):

    if (!
    $thread['visible']) {
      
    $idname="thread";
      eval(
    "standarderror(\"".gettemplate("error_invalidid")."\");");
      exit;
    }

    $forum=getforuminfo($thread['forumid']);

    add below this code:

    // Password-Hack-by Afterburner-Start 
    if ($forum['password']) {
    $boardid="userspezial$thread[forumid]";
    if (
    $bbuserinfo[$boardid] != 1) { 
    eval(
    "standarderror(\"".gettemplate('fehler_password_showtopic')."\");"); 
    exit; 

    }
    // Password-Hack-by Afterburner-End

    upload the showthread.php

    Leave a comment:


  • Flack Jacket
    replied
    Well....after further investigation....there are definately holes in this.

    I registered a name and then tried to access the protected forum......could not get in.....good.

    I removed all instances of "view new posts" or anything similar

    went to the search feature.....typed in a name of someone that posted in the protected forum.....boom...there are the links and yes.....you can click them and get in. (mind you that I never entered a password to access the protected forum before trying these things)

    backed out of that and went to that members profile and clicked on the last post (in the protected forum) and boom.....in again

    So I say....there are holes in this.

    I tried these thing on your board (afterburner) and they did not work......maybe some tweaks you did to yours that aren't documented in the installation file?

    I really want this to work but need some help to make it either not search and list threads in protected forums from every angle or something......

    anybody....please?
    Last edited by Flack Jacket; Wed 24 Oct '01, 4:33pm.

    Leave a comment:


  • Flack Jacket
    replied
    is there any way to get those that have already gotten in through a hole out?

    is it possible to code in that the cookie not be set for access to the protected forum?

    in other words.....make it so everyone with the password have to put it in every time they visit that forum?

    I have some that got in.......I need to be able to get them out

    Leave a comment:


  • Afterburner
    replied
    Originally posted by drives_fast
    then is it a cookie thing that allows me to get in that forum from all these links everywhere?

    I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

    The only time I can't get in is if I am not logged into the board
    yes this is right, if you insert the correct password you are able to access the board every time, this settings are in your profile in the database, see in the instruction file from the hack there you can find my suggestions for the next version:
    unsubscribe a password protected board.

    Leave a comment:


  • Flack Jacket
    replied
    then is it a cookie thing that allows me to get in that forum from all these links everywhere?

    I cleared all cookies, temp internet files, everything but all I have to do is login to my board and go to that forum and I am in.

    The only time I can't get in is if I am not logged into the board

    Leave a comment:


  • Afterburner
    replied
    You can see the titel of the postings but you canĀ“t access the boards wich are protected. This is only a "see the topic title hole"

    Leave a comment:


  • Flack Jacket
    replied
    Is it just me or is this the most un-secure password protect set-up around?

    Please don't think me rude.......I installed this and there are holes everywhere.

    First of all I have vbportal installed. Understandably....this was not written to accomidate that but aside fro those holes in the vb forum itself there is the link at the top of the main forum page "Active Posts" (or something like that).........then there is the little button by the membername in the table on the main forum page for "last post" (or something).....then there is the search feature.......do a search on the membername you see as the last poster in the forum nad with the results you are in......plus...once someone gets in.....if they never log out.....you can't get them out.....they will be able to waltz right in without any logins or anything.....and let's not forget about clicking on the membername of the last poster on the front of that forum and in his profile there is the link to a post inside and you are in again.

    Is there any updates to this hack that will close all these holes?

    I really want this to work because I don't want to make the forum private...it is too much work to add all the names

    Thanks in advance....drives
    Last edited by Flack Jacket; Tue 23 Oct '01, 11:06pm.

    Leave a comment:


  • Afterburner
    replied
    go to your control panel
    click on modify (Forums and Moderators)
    choose a board and insert a password, up to now this board is password protected

    Leave a comment:


  • Clueless
    replied
    there's a demo on the first Post and that's what i can't see

    Leave a comment:


  • Kengan
    replied
    any demo please ! thanks !

    Leave a comment:


  • Clueless
    replied
    Hmmm slight prob i've added the hack without any errors, i ran the passwordhack.php first and deleted it after. and it said that it had completed the tables and to carry on with the Hack itself, so now i've finished it the board looks no different at all ????? there's no options in the control panel that i can see where you enter the password ?? Or an i missing something here )))))))

    Leave a comment:


  • Afterburner
    replied
    I uploaded the new version, if you have installed BETA 2 you can update with the steps in the post before

    Leave a comment:


  • Afterburner
    replied
    ok, here is the fix:

    open the user.php from your admin folder, look for this code:

    PHP Code:
    $sql "";
      
    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
      while (
    $profilefield=$DB_site->fetch_array($profilefields)) {
        
    $varname="field$profilefield[profilefieldid]";
        
    $sql.=",'".addslashes($$varname)."'";
      }
      
    $DB_site->query("INSERT INTO userfield VALUES ($userid$sql)");

      
    $action="modify";

      echo 
    "<p>Record added</p>";



    and replace the code with this code:

    PHP Code:
    $sql "";
      
    $userfieldsnames="(userid";
      
    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
      while (
    $profilefield=$DB_site->fetch_array($profilefields)) {
          
    $userfieldsnames.=",field$profilefield[profilefieldid]";
        
    $varname="field$profilefield[profilefieldid]";
        
    $sql.=",'".addslashes($$varname)."'";
      }
        
    $userfieldsnames.=')';
      
    $DB_site->query("INSERT INTO userfield $userfieldsnames VALUES ($userid$sql)");

      
    $action="modify";

      echo 
    "<p>Record added</p>";


    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X