New link in the top of page "IRC Chat".
Register | Login
Views: 122471291
Main | Memberlist | Active users | Calendar | Last Posts | IRC Chat | Online users
Ranks | FAQ | XPW | Stats | Color Chart | Photo album
03-28-24 09:16 AM
0 users currently in Help & Suggestions.
Xeogaming Forums - Help & Suggestions - Forum Hackers | |
Next newer thread | Next older thread
User Post
Gannondorf

Octorok








Since: 06-10-05
From: Playboy mansion

Since last post: 6442 days
Last activity: 5216 days
Posted on 06-24-05 06:01 AM Link | Quote
My forum uses the same the thing that powers this board i was just wondering if theres a way to prevent a hacker from hacking in a ruining my board
Xeoman

Ball and Chain Trooper
Administrator








Since: 08-14-04
From: 255

Since last post: 18 days
Last activity: 16 hours
Posted on 06-24-05 10:45 AM Link | Quote
This is a small fix that I know of:

In editprofile at the bottom after $loguserid = intval($loguserid);, add
$pemail = intval($pemail);
$signsep = intval($signsep);
$sscheme = intval($sscheme);
$posttool = intval($posttool);

For the most part that will prevent people from being able to admin themself through editprofile, but I'm sure there's still bugs on it. Luckily the AcmlmBoard team seems to be patching a lot of things up, hopefully we'll get a new release soon.
Stitch

Roy Koopa
Holy crap, it is the RoboCoonie!








Since: 08-20-04
From: California

Since last post: 695 days
Last activity: 695 days
Posted on 06-24-05 01:27 PM Link | Quote
And by essentially posting how to keep hackers away, you've enabled them to find a way to get around things. Bravo!
Xeoman

Ball and Chain Trooper
Administrator








Since: 08-14-04
From: 255

Since last post: 18 days
Last activity: 16 hours
Posted on 06-26-05 01:43 PM Link | Quote
Originally posted by Zabuza
And by essentially posting how to keep hackers away, you've enabled them to find a way to get around things. Bravo!


By simply pointing out an issue with SQL injection?

No.

Obviously you haven't even taken a look at the AcmlmBoard code, or maybe even anything-PHP for that matter.

If by me simply pointing out that some variables need to be put into intval before the SQL update reveals an exploit, by all means, show me.


(Last edited by Xeomega on 06-26-05 04:44 PM)
Stitch

Roy Koopa
Holy crap, it is the RoboCoonie!








Since: 08-20-04
From: California

Since last post: 695 days
Last activity: 695 days
Posted on 06-26-05 02:02 PM Link | Quote
Nope. Love this board too much to deal in pettiness. Don't mind me...bad week. Come to think of it, all my weeks are generally bad.
Kard Ayals
The Ultimate
Lv108
Posts2915
Counter2
Mv7Jm26
Hp2189/2189
Sp709/709
Atk361 Int279
Def389 Spd281
Hit254 Res275
Exp13225534
Next294965
Banhammer
Shining Armor
Admin Shield
Judge Hat
Admin Shoes
POWAR

Posted on 07-02-05 07:52 PM Link | Quote
I told this many times: There nothing wrong by pointing a fix. I mean, experienced hacker will find a way, anyway.

And guess what, Xeo knows about SQL injections because of an article I gave him a link to, on php.net
Leviathan

Magician








Since: 07-20-05
From: The 217th layer of hell. Quite temperate actually.

Since last post: 5300 days
Last activity: 5212 days
Posted on 07-24-05 01:09 PM Link | Quote
There is ALWAYS a way to get into a board.

Half of these places have glaring cookie errors (which i will not explain) that a normal member can use to make himself a root admin.

Back up often..take every precaution you know of..and keep your fingers crossed. That's all you can really do.
Next newer thread | Next older thread
Xeogaming Forums - Help & Suggestions - Forum Hackers |



xeogaming.org

AcmlmBoard 1.92++ r4 Baseline
?2000-2013 Acmlm, Emuz, Blades, Xkeeper, DarkSlaya*, Lord Alexandor*
*Unofficial Updates
Page rendered in 0.153 seconds.
0.033