Results 1 to 9 of 9

Thread: Break my forums

  1. #1
    FLAC
    Join Date
    Jan 2001
    Posts
    1,612

    Post Break my forums

    Well, I think I have all the database problems fixed i'm hoping some of you guys will help me out reporting errors and such.
    http://www22.brinkster.com/bgoodman/

  2. #2
    FLAC
    Join Date
    Jan 2001
    Posts
    1,612

    Post

    just went over my bandwifth limit, they should be working again in another 5 hours or so

  3. #3
    Retired Admin Aaron Cake's Avatar
    Join Date
    Jan 2000
    Location
    London, Ontario, Canada
    Posts
    2,464

    Cool

    Do you know about the IMG tag exploit? If not, I could get your admin passwords and anything else I wanted right now...
    Player: Pentium 166MMX, Amptron 598LMR MB w/onboard Sound, Video, LAN, 10.2 Gig Fujitsu Laptop HD, Arise 865 DC-DC Converter, Lexan Case, Custom Software w/Voice Interface, MS Access Based Playlists
    Car: 1986 Mazda RX-7 Turbo (highly modded), 1978 RX-7 Beater (Dead, parting out), 2001 Honda Insight
    "If one more body-kitted, cut-spring-lowered, farty-exhausted Civic revs on me at an intersection, I swear I'm going to get out of my car and cram their ridiculous double-decker aluminium wing firmly up their rump."

  4. #4
    FLAC
    Join Date
    Aug 1999
    Location
    Upper Marlboro, MD 20772
    Posts
    1,311

    Wink

    lol....that is too funny....Say Aaron, get it and post it all over the NET
    abcd-1
    Author of CobraI,II,III and now CobraIV.
    You can contact me on AOL instant messenger....nick is cenwesi or cenwesi3

  5. #5
    Maximum Bitrate
    Join Date
    Mar 2001
    Location
    Cincinnati, OH USA
    Posts
    694

    Post

    What IMG tag exploit?
    http://www.mp3car.com/usersites/Maveric/ M.A.V.I.C. System
    Asus MB, PII 266, 192 MB Ram, 6.8" LCD, 6 Disk CD-ROM, 21 Gig HD, All-in-Wonder Video w/ TV Tuner, Irman, Windows ME, Winamp, Cobra III -- All in a custom acrylic case.

    http://www.mp3car.com/usersites/listings/ MP3car Listings - Please add to it! :)

  6. #6
    FLAC
    Join Date
    Jan 2001
    Posts
    1,612

    Post

    Originally posted by Aaron Cake:
    <STRONG>Do you know about the IMG tag exploit? If not, I could get your admin passwords and anything else I wanted right now...</STRONG>
    I guess not. but it doesn't really matter. I use different passwords for everything

  7. #7
    Retired Admin Aaron Cake's Avatar
    Join Date
    Jan 2000
    Location
    London, Ontario, Canada
    Posts
    2,464

    Cool

    The IMG exploit allows me to gain access to everything. All usernames, passwords, and perhaps even the database itself (depending on how you have things set up).

    If you head over to http://forum.snitz.com/forum you can read all about it.
    Player: Pentium 166MMX, Amptron 598LMR MB w/onboard Sound, Video, LAN, 10.2 Gig Fujitsu Laptop HD, Arise 865 DC-DC Converter, Lexan Case, Custom Software w/Voice Interface, MS Access Based Playlists
    Car: 1986 Mazda RX-7 Turbo (highly modded), 1978 RX-7 Beater (Dead, parting out), 2001 Honda Insight
    "If one more body-kitted, cut-spring-lowered, farty-exhausted Civic revs on me at an intersection, I swear I'm going to get out of my car and cram their ridiculous double-decker aluminium wing firmly up their rump."

  8. #8
    Maximum Bitrate
    Join Date
    Mar 2001
    Location
    Cincinnati, OH USA
    Posts
    694

    Post

    Ok... I searched through the forum for the IMG exploit and couldn't find it. Can you give me the specifics? I have 3 Snitz forums on the sites I design, 1 is the newest version and 2 are older versions (Guess I need to update them!).
    http://www.mp3car.com/usersites/Maveric/ M.A.V.I.C. System
    Asus MB, PII 266, 192 MB Ram, 6.8" LCD, 6 Disk CD-ROM, 21 Gig HD, All-in-Wonder Video w/ TV Tuner, Irman, Windows ME, Winamp, Cobra III -- All in a custom acrylic case.

    http://www.mp3car.com/usersites/listings/ MP3car Listings - Please add to it! :)

  9. #9
    Retired Admin Aaron Cake's Avatar
    Join Date
    Jan 2000
    Location
    London, Ontario, Canada
    Posts
    2,464

    Cool

    I hesitate to tell you publically, but the older version of Snitz (3.1 R4 or something??) will allow certain JavaScript in the IMG tag to dump the contents of the user's cookie into a CGI script running on another server. You could see how this could be a problem if the message was read under Admin or a moderator account. Basically, it is very difficult to detect this exploit until the forum has been compromised. Easiest thing to do is to just disable the IMG tag. I think that you need to search the Archive forum at the Snitz site to find it, or just ask in the Help section. I believe the problem is fixed in the newest release.
    Player: Pentium 166MMX, Amptron 598LMR MB w/onboard Sound, Video, LAN, 10.2 Gig Fujitsu Laptop HD, Arise 865 DC-DC Converter, Lexan Case, Custom Software w/Voice Interface, MS Access Based Playlists
    Car: 1986 Mazda RX-7 Turbo (highly modded), 1978 RX-7 Beater (Dead, parting out), 2001 Honda Insight
    "If one more body-kitted, cut-spring-lowered, farty-exhausted Civic revs on me at an intersection, I swear I'm going to get out of my car and cram their ridiculous double-decker aluminium wing firmly up their rump."

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •