----------------------------------- md Mon Nov 22, 2004 12:39 pm Interesting Bug... ----------------------------------- This is not how we report bugs, epstaly when they have secuity conserces....... All users expolting this have be disbaled till it is fixed...... ----------------------------------- cool dude Mon Nov 22, 2004 1:39 pm ----------------------------------- very funny, NOT. now i have to waste my time logging in. this post should be put into spam! ----------------------------------- Mazer Mon Nov 22, 2004 2:08 pm ----------------------------------- Actually, this saves me the trouble of having to log out. Very interesting. Thanks, cornflake. Remind me to give you bits later. ----------------------------------- md Mon Nov 22, 2004 2:21 pm ----------------------------------- Actually I put it here on purpose to show just how anoying it can be. I would sugest that someone with access to the forum source change the [img][/img] tags to not work when given login.php as the image source ----------------------------------- Martin Mon Nov 22, 2004 3:07 pm ----------------------------------- And I'm a sheep. Baaahhh. ----------------------------------- Amailer Mon Nov 22, 2004 3:26 pm ----------------------------------- Oh i think that's why phpBB disabled php images :S if compsci UPDATED its php.. this wouldn't have happned :roll: ----------------------------------- Mazer Mon Nov 22, 2004 3:27 pm ----------------------------------- And I'm a sheep. Baaahhh. I think somebody needs to spend a little time in the "banned" corner... ----------------------------------- Dan Mon Nov 22, 2004 3:37 pm ----------------------------------- And I'm a sheep. Baaahhh. I think somebody needs to spend a little time in the "banned" corner... Oh he is...... ----------------------------------- Dan Mon Nov 22, 2004 5:00 pm ----------------------------------- There this bug has been fixed........me and amailer worked on it for a bit, whould have been sloved alot sooner if it was not for php being random and spaces starting to screw things up. I will reanable the acounts that where exploting the bug when i get time (or feal like it) i am still pissed off in the way u reported the bug. ----------------------------------- md Mon Nov 22, 2004 10:22 pm ----------------------------------- I appologize profusly O great forum admin :notworthy: ----------------------------------- djlenny_3000 Tue Nov 23, 2004 8:49 am ----------------------------------- [cough]suck up[/cough] at least now its fixed ----------------------------------- zylum Tue Nov 23, 2004 5:33 pm ----------------------------------- now that the bug is fixed, what exactly was it? just curious... ----------------------------------- md Tue Nov 23, 2004 7:05 pm ----------------------------------- put a image link in your sig (or in a post...) pointing to the logout script it would cause anyone who read that post or sig to log out. It isn't all that bad a bug except martin put it in his sig, so you really couldn't read anything without being loged out. ----------------------------------- Paul Tue Nov 23, 2004 8:16 pm ----------------------------------- I never got logged out... :? ----------------------------------- Dan Tue Nov 23, 2004 8:51 pm ----------------------------------- I never got logged out... :? Well they where only doing it for 1/2 of the one day, and it was only in martins posts realy. The bug has been fixed now, and if u try u get a nice compsci.ca logo insited of the logout script. ----------------------------------- Mazer Tue Nov 23, 2004 9:08 pm ----------------------------------- http://www.compsci.ca/v2/login.php?logout=true Super cool! ----------------------------------- Dan Tue Nov 23, 2004 9:09 pm ----------------------------------- This is what hapens now if u try: http://www.compsci.ca/v2/login.php?logout=true It chages it to go to the compsci.ca logo insted of the logout script[/img] ----------------------------------- MyPistolsIn3D Wed Nov 24, 2004 4:14 pm ----------------------------------- So that y i hada log in the other day. Everyone who was affected should get sum of martins bits......... :lol: ----------------------------------- Martin Wed Nov 24, 2004 4:16 pm ----------------------------------- Have as many of my bits as you want. ----------------------------------- MyPistolsIn3D Wed Nov 24, 2004 4:19 pm ----------------------------------- wow, i did the same thing as that sheep in ur avatar, had to get 6 staples in my head lol. ----------------------------------- Paul Wed Nov 24, 2004 5:00 pm ----------------------------------- You mean, you were running after a bunch of girls... and didn't see the doorframe? ----------------------------------- Martin Wed Nov 24, 2004 5:07 pm ----------------------------------- My avatar is endlessly entertaining, isn't it? ----------------------------------- Dan Wed Nov 24, 2004 5:24 pm ----------------------------------- I just found another secuity hole realting to this bug.....it is now fixed and any one who trys to exploxile it in the new way is in for somting funny with the way it was recoed :twisted: ----------------------------------- Amailer Wed Nov 24, 2004 5:46 pm ----------------------------------- Sites with phpBB 2.0.6 don't have this bug patched :P and php-NUKES with phpBB 2.0.6 and below (.7 also i think) don't have this patched :) i tired it. ----------------------------------- Hikaru79 Wed Nov 24, 2004 6:07 pm ----------------------------------- Hey, woah, it works! :| Logged me out three times before I realized what was going on. LOL ----------------------------------- Dan Wed Nov 24, 2004 6:20 pm ----------------------------------- Hey, woah, it works! :| Logged me out three times before I realized what was going on. LOL Not any more......... ----------------------------------- Viper Wed Nov 24, 2004 6:44 pm ----------------------------------- bugs are such a pissoff (if u a admin thats it) if ur jus a joe nobody they can be pretty fun (i used 2 host a game but ppl kept findin bugs n never reportin them so i shut it dowm {dont shut this down though}) ----------------------------------- MyPistolsIn3D Wed Nov 24, 2004 10:02 pm ----------------------------------- You mean, you were running after a bunch of girls... and didn't see the doorframe? ...sort of. lotsa blood. fun stuff. ----------------------------------- templest Thu Nov 25, 2004 8:39 pm ----------------------------------- I bet you it'll work with almost any intigrated php-script on this site. Hell, I wouldn't be surprised if I could make my own forum appear in the frame of one of my own posts some how using the img tag. :P http://img.photobucket.com/albums/v251/templest/tiri.png Site Nav http://img.photobucket.com/albums/v251/templest/madeinusa.jpg News: Thurs, Nov 25th, 2004 What's up.[url=http://xiplst.uni.cc/]:D Clicky What do you think of the very small and useless site I put on this post? I think I just found a new way to advertise! :shock: -Templest D Phatkow ----------------------------------- Dan Thu Nov 25, 2004 8:47 pm ----------------------------------- I bet you it'll work with almost any intigrated php-script on this site. Hell, I wouldn't be surprised if I could make my own forum appear in the frame of one of my own posts some how using the img tag. :P Yes it does (or did), but the problem is only php scripts on this site being loaded from this site. Tho as far as we can tell only the logout one was like this....tho i have a bad fealing about some of the other ones...... ----------------------------------- templest Fri Nov 26, 2004 7:52 am ----------------------------------- If that bug isn't fixed in the original releases of PHPBB, It's probably time to submit a bug-fix, no? ----------------------------------- Martin Fri Nov 26, 2004 1:49 pm ----------------------------------- Dan, this isn't a security issue. It's annoying, and nothing more. ----------------------------------- Dan Fri Nov 26, 2004 2:02 pm ----------------------------------- Dan, this isn't a security issue. It's annoying, and nothing more. It is a security issuse if u use the same method with some thougth rathern then to just be a jerk..... ----------------------------------- Amailer Fri Nov 26, 2004 5:35 pm ----------------------------------- If that bug isn't fixed in the original releases of PHPBB, It's probably time to submit a bug-fix, no? It has been fixed, in fact they disbaled any images that have ? in the url :P just that dan never updates phpBB :roll: ----------------------------------- Dan Fri Nov 26, 2004 6:39 pm ----------------------------------- It has been fixed, in fact they disbaled any images that have ? in the url :P just that dan never updates phpBB :roll: There is a reason for that....... ----------------------------------- Tony Fri Nov 26, 2004 10:12 pm ----------------------------------- just that dan never updates phpBB :roll: There is a reason for that....... Yeah, because Dan is busy being whipped by Aoi :lol: ----------------------------------- templest Sat Nov 27, 2004 12:54 am ----------------------------------- If you had cPanel set-up on this byatch you wouldn't have to worry about updating anything. Click the pretty button, and done. You don't have to do it the 'l33t' way. If it saves time, do it. ----------------------------------- Dan Sat Nov 27, 2004 1:18 am ----------------------------------- If you had cPanel set-up on this byatch you wouldn't have to worry about updating anything. Click the pretty button, and done. You don't have to do it the 'l33t' way. If it saves time, do it. It dose not work like that when u have a custom fourm.......there have been so many chages to the code in this site it realy dose not matach any verson of phpbb. ----------------------------------- octopi Sat Nov 27, 2004 1:26 am ----------------------------------- You might want to fix this one too: http://tinyurl.com/3mlw8 ----------------------------------- Dan Sat Nov 27, 2004 1:42 am ----------------------------------- Yes, that one will be harder to fix.....right now i just did a quick fix of blocking that url. If u have any ideas on how to fix that realtivly easly i whould like to know....