iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Xinapse...It's InFamous...Serious bug...
  • [Deleted User]
    Posts: 0
    Detail Description: Spoofing usernames
    Link to Bug: MSN Me.
    Bug Severity:High
    Member Found By: InFamous

    I can spoof any username I'd like...Serious issue.
  • Xin
    Posts: 3,251
    Kk will speak to you after college
    Xin
  • George
    Posts: 707
    Hello,

    Xinapse x & Xinapse

    Are these both yours InFamous?

    Unfortunately, I believe this is a global issue through MyBB, I've contacted the Support team and am waiting further assistance, I'm closing this thread untill further notice.

    It was also shown to my attention that Moderators cannot view IP addresses within threads, this is a option in the MyBB admin CP and should be enabled if a Moderator were to help recover someones account, I recommend you enable "IP Addresses in Posts" Xinapse.


    Regards,
    George.
  • Xin
    Posts: 3,251
    Ive disabled moderators to view IP addresses for the privacy of members, but im pretty sure they can still see them anyway, just not on posts, also yeah this is the same for all mybb and hopefully people wont get mixed up with people with 0 posts and no admin sign :P
    Xin
  • George
    Posts: 707
    Hello,

    In my opinion, it's a good idea to have viewal of IP's enabled, other wise, it's all down to administrators to solve problems as staff can't help recover stolen accounts and speed up admins job.

    Besides, staff aren't going to do anything with IP's. I recommend you enable.

    Regards,
    George.
  • Xin
    Posts: 3,251
    Smods can view IPs as i said on msn with an ip you can be doxed, ddosed and hacked, and as most of the mods i barely know i dont want to give them too many privellages
    Xin
  • George
    Posts: 707
    Hello,

    Point taken, I agree 100% with this.

    Regards,
    George.
  • F3Biohazard
    Posts: 42
    said:


    Ive disabled moderators to view IP addresses for the privacy of members, but im pretty sure they can still see them anyway, just not on posts, also yeah this is the same for all mybb and hopefully people wont get mixed up with people with 0 posts and no admin sign :P



    If you dont trust the mods enough to see user IP's they shouldnt be mods in the first place
  • Xin
    Posts: 3,251
    Yeah but regular mods cant do an huge amount of harm anyway, and i trust them enough to be mods as i new a few of them from before and the others i new for atleast a week before :L
    Xin
  • F3Biohazard
    Posts: 42
    And also asfar as this exploit goes considering how omni is good friends with the mybb creators hes probably told them about the ghost characters considering the amount of times its happened on HF. The only thing i could think to create it would be the creators of MySQL would have to put out a security patch to stop ghost charecters or somehow edit the registration script. I might look into it but first i'd need to know more of the inners of how the exploit works.
This discussion has been closed.
All Discussions