MAJOR flaw found in vbulletin !! MODS READ THIS NOW
 

Ok yet again i have found a major flaw in GFY and in all of the latest versions of vbulletin.

Simply put , if used properly, it means you can take over anyone's account.

Anyone who runs vbulletin needs to contact me ASAP ( smokey_the_bearz(AT)mailcity.com ) and look for the latest patch that should be available within the next few days i'm sure ( from vbulletin )...

There really isn't much to patch with this flaw, it's going to take some rewriting to patch properly.

GFY still has a few open holes as well besides this new one. " mods/techs you can't just patch the stuff i post , you have to read the previous emails i sent to the mods and lensman with exact details etc etc "


Now as far as gratitude. :Graucho

Should i just be handing out this stuff on a platter for gfy and everyone else with no thanks in return just because i happen to think GFY is quite fun and because im such a nice fellow ??

Or

Should i demand godlike status here and get to edit everyone's post at random and make people shove c bills down my stinky drawers to post. !! :1orglaugh


Or

Should i give the info away to someone who will wreak havoc upon gfy for a few weeks, take mods names and ban everyone else. :eyecrazy


Im all for full exposure/disclosure when flaws like the one i have found exist. I will refrain from posting the details here, only because i think gfy should be given some fair warning ( and because of the whiners , who think everything should be kept hush hush ) , BUT , i will give out full details to (any board) admins who contact me, so the information will be out there fairly soon.

Need i remind you what i could have done instead.. - Taken an admins name , locked out those who's opinion i don't happen to share. edited some posts to make people look foolish and confused, and generally cause quite a disturbance and confusion amongst the GFY populace..:1orglaugh

Mods- to sum it up , I told you about bad fruit, so you ignored it, so i showed you a bad apple and you threw it away, so i showed you a bad orange and you threw that away , so i showed you a bad banana and you threw that way .. - point,, look at the fruit closer.

Maybe you'd get more appreciation if you open a fruit stall.

p.s. this new flaw doesn't have much to do with html being allowed or not , so it affects almost every version of vbulletin.

how many of these have you found?

(and why really? you just bored?)

Smokey your full of shit:BangBang:

make an example of him!

You'll never have a fully secure code though...

Plus it is only a message board, using someone's account here the amount of damage that can be done is limited

They will always have a backup to go back to :321GFY

Yeah Smokey the shit, use my account and increace my post count for me:321GFY

is this a j0ke?

limited, yes- but limited to what?

what if soemone stole the account of some big industry player and made some bogus anouncement that wreaked havoc? :Graucho

there is quite a bit you could do with someone else's account for sure

Not to mention you fuck with people's livelihood then they send Juicy after you.

Don't rise to him, I don't think he can do much, the only stuff he's done before is put html in the img tags:321GFY

He's just desperate to get back in with Lensman etc...

lol. bullshiting perhaps?

or just some random script-kidde.

I would wager he found somthing.

come up with a fix for the fucking search engine out while you're at it jackass.

No joke , if the owners dont patch this shit be prepared to see some major fucking around on any board that runs the same script..

To those who dont think it serious.. If you know your shit just email me at address above and i will show you a working example..

Mods- If you give me permission we can setup a dummy account and i will show you how its done. Right before your very eyes..

Just make a restricted admin name and give me the go ahead , and i will take it .

* dveron, I don't think they want helping hands fixing things, they prefer to do it themselves despite the obvious drawbacks.. ( its slower but provides more security )

Give him a cookie

disable the search..that fixes all

:1orglaugh :1orglaugh :1orglaugh

how many ? about half a dozen to a dozen that gfy mods patched..

Why ? Because i run a popular non adult board using the same script..

?? huh ? the search function has nothing to do with it..

hate to admit it, but I agree

I've always liked you Bear. Can you go into Mystery Man account and put me on his ignore list.






thanks..

SexPush - Can you figure out how to turn on the Search feature for some of us who won't abuse it?

That'd be cool.

Thanks!

Add security code image?