Oh i think that's why phpBB disabled php images :S if compsci UPDATED its php.. this wouldn't have happned
Computer Science Canada Interesting Bug... |
| Author: | md [ Mon Nov 22, 2004 12:39 pm ] |
| Post subject: | Interesting Bug... |
[mod:713d8a11c9] This is not how we report bugs, epstaly when they have secuity conserces....... All users expolting this have be disbaled till it is fixed...... [/mod:713d8a11c9] |
|
| Author: | cool dude [ Mon Nov 22, 2004 1:39 pm ] |
| Post subject: | |
very funny, NOT. now i have to waste my time logging in. this post should be put into spam! |
|
| Author: | Mazer [ Mon Nov 22, 2004 2:08 pm ] |
| Post subject: | |
Actually, this saves me the trouble of having to log out. Very interesting. Thanks, cornflake. Remind me to give you bits later. |
|
| Author: | md [ Mon Nov 22, 2004 2:21 pm ] |
| Post subject: | |
Actually I put it here on purpose to show just how anoying it can be. I would sugest that someone with access to the forum source change the [img][/img] tags to not work when given login.php as the image source |
|
| Author: | Martin [ Mon Nov 22, 2004 3:07 pm ] |
| Post subject: | |
And I'm a sheep. Baaahhh. |
|
| Author: | Amailer [ Mon Nov 22, 2004 3:26 pm ] |
| Post subject: | |
Oh i think that's why phpBB disabled php images :S if compsci UPDATED its php.. this wouldn't have happned |
|
| Author: | Mazer [ Mon Nov 22, 2004 3:27 pm ] |
| Post subject: | |
martin wrote: And I'm a sheep. Baaahhh.
I think somebody needs to spend a little time in the "banned" corner... |
|
| Author: | Dan [ Mon Nov 22, 2004 3:37 pm ] |
| Post subject: | |
Coutsos wrote: martin wrote: And I'm a sheep. Baaahhh.
I think somebody needs to spend a little time in the "banned" corner... Oh he is...... |
|
| Author: | Dan [ Mon Nov 22, 2004 5:00 pm ] |
| Post subject: | |
There this bug has been fixed........me and amailer worked on it for a bit, whould have been sloved alot sooner if it was not for php being random and spaces starting to screw things up. I will reanable the acounts that where exploting the bug when i get time (or feal like it) i am still pissed off in the way u reported the bug. |
|
| Author: | md [ Mon Nov 22, 2004 10:22 pm ] |
| Post subject: | |
I appologize profusly O great forum admin  |
|
| Author: | djlenny_3000 [ Tue Nov 23, 2004 8:49 am ] |
| Post subject: | |
[cough]suck up[/cough] at least now its fixed |
|
| Author: | zylum [ Tue Nov 23, 2004 5:33 pm ] |
| Post subject: | |
now that the bug is fixed, what exactly was it? just curious... |
|
| Author: | md [ Tue Nov 23, 2004 7:05 pm ] |
| Post subject: | |
put a image link in your sig (or in a post...) pointing to the logout script it would cause anyone who read that post or sig to log out. It isn't all that bad a bug except martin put it in his sig, so you really couldn't read anything without being loged out. |
|
| Author: | Paul [ Tue Nov 23, 2004 8:16 pm ] |
| Post subject: | |
I never got logged out...  |
|
| Author: | Dan [ Tue Nov 23, 2004 8:51 pm ] |
| Post subject: | |
Paul wrote: I never got logged out...
Well they where only doing it for 1/2 of the one day, and it was only in martins posts realy. The bug has been fixed now, and if u try u get a nice compsci.ca logo insited of the logout script. |
|
| Author: | Mazer [ Tue Nov 23, 2004 9:08 pm ] |
| Post subject: | |
Super cool! |
|
| Author: | Dan [ Tue Nov 23, 2004 9:09 pm ] |
| Post subject: | |
This is what hapens now if u try: It chages it to go to the compsci.ca logo insted of the logout script[/img] |
|
| Author: | MyPistolsIn3D [ Wed Nov 24, 2004 4:14 pm ] |
| Post subject: | |
So that y i hada log in the other day. Everyone who was affected should get sum of martins bits.........  |
|
| Author: | Martin [ Wed Nov 24, 2004 4:16 pm ] |
| Post subject: | |
Have as many of my bits as you want. |
|
| Author: | MyPistolsIn3D [ Wed Nov 24, 2004 4:19 pm ] |
| Post subject: | |
wow, i did the same thing as that sheep in ur avatar, had to get 6 staples in my head lol. |
|
| Author: | Paul [ Wed Nov 24, 2004 5:00 pm ] |
| Post subject: | |
You mean, you were running after a bunch of girls... and didn't see the doorframe? |
|
| Author: | Martin [ Wed Nov 24, 2004 5:07 pm ] |
| Post subject: | |
My avatar is endlessly entertaining, isn't it? |
|
| Author: | Dan [ Wed Nov 24, 2004 5:24 pm ] |
| Post subject: | |
I just found another secuity hole realting to this bug.....it is now fixed and any one who trys to exploxile it in the new way is in for somting funny with the way it was recoed  |
|
| Author: | Amailer [ Wed Nov 24, 2004 5:46 pm ] |
| Post subject: | |
Sites with phpBB 2.0.6 don't have this bug patched 
and php-NUKES with phpBB 2.0.6 and below (.7 also i think) don't have this patched  i tired it. |
|
| Author: | Hikaru79 [ Wed Nov 24, 2004 6:07 pm ] |
| Post subject: | |
Hey, woah, it works!  Logged me out three times before I realized what was going on. LOL |
|
| Author: | Dan [ Wed Nov 24, 2004 6:20 pm ] |
| Post subject: | |
Hikaru79 wrote: Hey, woah, it works!
Logged me out three times before I realized what was going on. LOLNot any more......... |
|
| Author: | Viper [ Wed Nov 24, 2004 6:44 pm ] |
| Post subject: | |
bugs are such a pissoff (if u a admin thats it) if ur jus a joe nobody they can be pretty fun (i used 2 host a game but ppl kept findin bugs n never reportin them so i shut it dowm {dont shut this down though}) |
|
| Author: | MyPistolsIn3D [ Wed Nov 24, 2004 10:02 pm ] |
| Post subject: | |
Paul wrote: You mean, you were running after a bunch of girls... and didn't see the doorframe?
...sort of. lotsa blood. fun stuff. |
|
| Author: | templest [ Thu Nov 25, 2004 8:39 pm ] |
| Post subject: | |
I bet you it'll work with almost any intigrated php-script on this site. Hell, I wouldn't be surprised if I could make my own forum appear in the frame of one of my own posts some how using the img tag.
<table align="center" border="2" width="500px"> <tr> <td height="40" colspan="2" valign="top">  </td>
</tr> <tr> <td width="100px" align="center"><font size="-2"><u>Site Nav</u> Forums</font>  </td>
<td valign="top"><font size="-2"> <b><i>News: Thurs, Nov 25th, 2004</i></b> What's up.  Clicky What do you think of the very small and useless site I put on this post? I think I just found a new way to advertise!
<i>-Templest D Phatkow</i></font> </tr> </table> |
|
| Author: | Dan [ Thu Nov 25, 2004 8:47 pm ] |
| Post subject: | |
templest wrote: I bet you it'll work with almost any intigrated php-script on this site. Hell, I wouldn't be surprised if I could make my own forum appear in the frame of one of my own posts some how using the img tag.
Yes it does (or did), but the problem is only php scripts on this site being loaded from this site. Tho as far as we can tell only the logout one was like this....tho i have a bad fealing about some of the other ones...... |
|
| Author: | templest [ Fri Nov 26, 2004 7:52 am ] |
| Post subject: | |
If that bug isn't fixed in the original releases of PHPBB, It's probably time to submit a bug-fix, no? |
|
| Author: | Martin [ Fri Nov 26, 2004 1:49 pm ] |
| Post subject: | |
Dan, this isn't a security issue. It's annoying, and nothing more. |
|
| Author: | Dan [ Fri Nov 26, 2004 2:02 pm ] |
| Post subject: | |
martin wrote: Dan, this isn't a security issue.
It's annoying, and nothing more. It is a security issuse if u use the same method with some thougth rathern then to just be a jerk..... |
|
| Author: | Amailer [ Fri Nov 26, 2004 5:35 pm ] |
| Post subject: | |
templest wrote: If that bug isn't fixed in the original releases of PHPBB, It's probably time to submit a bug-fix, no?
It has been fixed, in fact they disbaled any images that have ? in the url just that dan never updates phpBB  |
|
| Author: | Dan [ Fri Nov 26, 2004 6:39 pm ] |
| Post subject: | |
Amailer wrote: It has been fixed, in fact they disbaled any images that have ? in the url just that dan never updates phpBB There is a reason for that....... |
|
| Author: | Tony [ Fri Nov 26, 2004 10:12 pm ] |
| Post subject: | |
Amailer wrote: just that dan never updates phpBB Hacker Dan wrote: There is a reason for that....... Yeah, because Dan is busy being whipped by Aoi  |
|
| Author: | templest [ Sat Nov 27, 2004 12:54 am ] |
| Post subject: | |
If you had cPanel set-up on this byatch you wouldn't have to worry about updating anything. Click the pretty button, and done. You don't have to do it the 'l33t' way. If it saves time, do it. |
|
| Author: | Dan [ Sat Nov 27, 2004 1:18 am ] |
| Post subject: | |
templest wrote: If you had cPanel set-up on this byatch you wouldn't have to worry about updating anything. Click the pretty button, and done. You don't have to do it the 'l33t' way. If it saves time, do it.
It dose not work like that when u have a custom fourm.......there have been so many chages to the code in this site it realy dose not matach any verson of phpbb. |
|
| Author: | octopi [ Sat Nov 27, 2004 1:26 am ] |
| Post subject: | |
You might want to fix this one too: |
|
| Author: | Dan [ Sat Nov 27, 2004 1:42 am ] |
| Post subject: | |
Yes, that one will be harder to fix.....right now i just did a quick fix of blocking that url. If u have any ideas on how to fix that realtivly easly i whould like to know.... |
|