New link in the top of page "IRC Chat".
Register | Login
Views: 111458788
Main | Memberlist | Active users | Calendar | Last Posts | IRC Chat | Online users
Ranks | FAQ | XPW | Stats | Color Chart | Photo album
12-08-22 03:40 PM
0 users currently in Help & Suggestions.
Xeogaming Forums - Help & Suggestions - Forum Hackers
  
User name:
Password:
Reply:
 
Options: - -
UserPost
Leviathan
Posts: 33/210
There is ALWAYS a way to get into a board.

Half of these places have glaring cookie errors (which i will not explain) that a normal member can use to make himself a root admin.

Back up often..take every precaution you know of..and keep your fingers crossed. That's all you can really do.
Kard Ayals
Posts: 415/2915
I told this many times: There nothing wrong by pointing a fix. I mean, experienced hacker will find a way, anyway.

And guess what, Xeo knows about SQL injections because of an article I gave him a link to, on php.net
Stitch
Posts: 498/2785
Nope. Love this board too much to deal in pettiness. Don't mind me...bad week. Come to think of it, all my weeks are generally bad.
Xeoman
Posts: 1624/11747
Originally posted by Zabuza
And by essentially posting how to keep hackers away, you've enabled them to find a way to get around things. Bravo!


By simply pointing out an issue with SQL injection?

No.

Obviously you haven't even taken a look at the AcmlmBoard code, or maybe even anything-PHP for that matter.

If by me simply pointing out that some variables need to be put into intval before the SQL update reveals an exploit, by all means, show me.
Stitch
Posts: 482/2785
And by essentially posting how to keep hackers away, you've enabled them to find a way to get around things. Bravo!
Xeoman
Posts: 1621/11747
This is a small fix that I know of:

In editprofile at the bottom after $loguserid = intval($loguserid);, add
$pemail = intval($pemail);
$signsep = intval($signsep);
$sscheme = intval($sscheme);
$posttool = intval($posttool);

For the most part that will prevent people from being able to admin themself through editprofile, but I'm sure there's still bugs on it. Luckily the AcmlmBoard team seems to be patching a lot of things up, hopefully we'll get a new release soon.
Gannondorf
Posts: 18/32
My forum uses the same the thing that powers this board i was just wondering if theres a way to prevent a hacker from hacking in a ruining my board
Xeogaming Forums - Help & Suggestions - Forum Hackers



xeogaming.org

AcmlmBoard 1.92++ r4 Baseline
?2000-2013 Acmlm, Emuz, Blades, Xkeeper, DarkSlaya*, Lord Alexandor*
*Unofficial Updates
Page rendered in 0.132 seconds.
0.034