UPDATE PHBB OR ILL HACK IT!

Discussion in 'Site Feedback' started by Halycon, Dec 13, 2001.

Remove all ads!
Support Terra-Arcanum:

GOG.com

PayPal - The safer, easier way to pay online!
  1. Halycon

    Halycon New Member

    Messages:
    15
    Likes Received:
    0
    Joined:
    Dec 12, 2001
  2. Jarinor

    Jarinor New Member

    Messages:
    6,350
    Likes Received:
    1
    Joined:
    Aug 5, 2001
    Way to be l337 and 7hr3471n1ng man...
     
  3. Halycon

    Halycon New Member

    Messages:
    15
    Likes Received:
    0
    Joined:
    Dec 12, 2001
  4. Jarinor

    Jarinor New Member

    Messages:
    6,350
    Likes Received:
    1
    Joined:
    Aug 5, 2001
    Wow, I tried it and you know what? It only partially works.

    Sure, I can edit some preference, such as always showing my signature, but as far as I couldn't tell, I can't make myself an admin.

    Also, your threat is pretty stupid - not only have you announced your intent, but you've also provided an IP address - even if you are now using a proxy, your old IP will still show up in the logs if I'm not mistaken.

    If it's worth doing, it's worth doing right.
     
  5. Halycon

    Halycon New Member

    Messages:
    15
    Likes Received:
    0
    Joined:
    Dec 12, 2001
    I also provided the damn soloution:

    <?php
    /***************************************************************************
    prefs.php - description
    -------------------
    begin : Sat June 17 2000
    copyright : (C) 2001 The phpBB Group
    email : support@phpbb.com

    $Id: prefs.php,v 1.28 2001/04/22 21:43:44 bartvb Exp $

    ***************************************************************************/

    /***************************************************************************
    *
    * This program is free software; you can redistribute it and/or modify
    * it under the terms of the GNU General Public License as published by
    * the Free Software Foundation; either version 2 of the License, or
    * (at your option) any later version.
    *
    ***************************************************************************/
    include('extention.inc');
    include('functions.'.$phpEx);
    include('config.'.$phpEx);
    require('auth.'.$phpEx);
    $pagetitle = $l_preferences;
    $pagetype = "index";

    if($submit || $user_logged_in) {
    if($save) {
    if (!$user_logged_in) {
    // no valid session, need to check user/pass.
    if($user == '' || $passwd == '') {
    error_die("$l_userpass $l_tryagain");
    }
    $md_pass = md5($passwd);
    $userdata = get_userdata($user, $db);
    if($md_pass != $userdata["user_password"]) {
    error_die("$l_wrongpass $l_tryagain");
    }
    if(is_banned($userdata[user_id], "username", $db))
    error_die($l_banned);
    // Log them in, they are authenticated!
    $sessid = new_session($userdata[user_id], $REMOTE_ADDR, $sesscookietime, $db);
    set_session_cookie($sessid, $sesscookietime, $sesscookiename, $cookiepath, $cookiedomain, $cookiesecure);
    }

    if($savecookie == 1) {
    $time = (time() + 3600 * 24 * 30 * 12);
    setcookie($cookiename, $userdata[user_id], $time, $cookiepath, $cookiedomain, $cookiesecure);
    }
    include('page_header.'.$phpEx);
    $fviemail = str_replace('=','',$viewemail);
    $fthemes = str_replace('=','',$themes);
    $fsig = str_replace('=','',$tsig);
    $fsmile = str_replace('=','',$smile);
    $fdishtml = str_replace('=','',$dishtml);
    $fdisbbcode = str_replace('=','',$disbbcode);
    $flang = str_replace('=','',$lang);
    $sql = "UPDATE users SET user_viewemail='$fviewemail', user_theme='$fthemes', user_attachsig = '$fsig', user_desmile = '$fsmile', user_html = '$fdishtml', user_bbcode = '$fdisbbcode', user_lang = '$flang' WHERE (user_id = '$userdata[user_id]')";
    if(!$result = mysql_query($sql, $db)) {
    error_die("An Error Occured<hr>Could not update the database. Please go back and try again.");
    }
    echo "<br><TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="$tablewidth">";
    echo "<TR><TD BGCOLOR="$table_bgcolor"><TABLE BORDER="0" CALLPADDING="1" CELLSPACING="1" WIDTH="100%">";
    echo "<TR BGCOLOR="$color1" ALIGN="LEFT"><TD><font face="Verdana" size="2"><P>";
    echo "<P><BR><center>$l_prefupdated<p></center></font>";
    echo "</TD></TR></TABLE></TD></TR></TABLE><br>";

    } else {

    if (!$user_logged_in) {
    // no valid session, need to check user/pass.
    if($user == '' || $passwd == '') {
    error_die("$l_userpass $l_tryagain");
    }
    $md_pass = md5($passwd);
    $userdata = get_userdata($user, $db);
    if($md_pass != $userdata["user_password"]) {
    include('page_header.'.$phpEx);
    error_die("$l_wrongpass $l_tryagain");
    }
    if(is_banned($userdata[user_id], "username", $db))
    error_die($l_banned);
    $sessid = new_session($userdata[user_id], $REMOTE_ADDR, $sesscookietime, $db);
    set_session_cookie($sessid, $sesscookietime, $sesscookiename, $cookiepath, $cookiedomain, $cookiesecure);
    }
    include('page_header.'.$phpEx);
    if($userdata[user_viewemail] == 1) {
    $y = "CHECKED";
    } else {
    $n = "CHECKED";
    }

    if($userdata[user_attachsig] == 1)
    $always_sig = "CHECKED";
    else
    $no_always_sig = "CHECKED";

    if($userdata[user_desmile] == 1)
    $never_smile = "CHECKED";
    else
    $no_never_smile = "CHECKED";

    if($userdata[user_html] == 1)
    $never_html = "CHECKED";
    else
    $no_never_html = "CHECKED";

    if($userdata[user_bbcode] == 1)
    $never_bbcode = "CHECKED";
    else
    $no_never_bbcode = "CHECKED";

    if(isset($HTTP_COOKIE_VARS[$cookiename])) {
    $user_cookie = "CHECKED";
    } else {
    $user_nocookie = "CHECKED";
    }
    ?>
    <FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
    <TABLE BORDER="0" CELLPADDING="1" CELLSPACEING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="<?php echo $tablewidth?>"><TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
    <TABLE BORDER="0" CALLPADDING="1" CELLSPACEING="1" WIDTH="100%">
    <TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
    <TD COLSPAN="2" ALIGN="CENTER"><b><?php echo $l_editprefs?></b></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
    <TD COLSPAN="2" ALIGN="CENTER"><font size=-1><?php echo $l_themecookie?></font></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_username?>:</TD>
    <TD><?php echo $userdata[username]?></TD>
    </TR>
    <?PHP
    if (!$user_logged_in) {
    // no session, need a password.
    echo " <TR BGCOLOR="$color2" ALIGN="LEFT"> n";
    echo " <TD>$l_password:</TD> n";
    echo " <TD><INPUT TYPE="PASSWORD" NAME="passwd" SIZE="25" MAXLENGTH="25"></TD> n";
    echo " </TR> n";
    }
    ?>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_publicmail?>:</TD>
    <TD><INPUT TYPE="RADIO" NAME="viewemail" VALUE="1" <?php echo $y?>><?php echo $l_yes?>
    <INPUT TYPE="RADIO" NAME="viewemail" VALUE="0" <?php echo $n?>><?php echo $l_no?></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_storecookie?>:</TD>
    <TD><INPUT TYPE="RADIO" NAME="savecookie" VALUE="1" <?php echo $user_cookie?>><?php echo $l_yes?>
    <INPUT TYPE="RADIO" NAME="savecookie" VALUE="0" <?php echo $user_nocookie?>><?php echo $l_no?></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_alwayssig?>:</TD>
    <TD><INPUT TYPE="RADIO" NAME="sig" VALUE="1" <?php echo $always_sig?>><?php echo $l_yes?>
    <INPUT TYPE="RADIO" NAME="sig" VALUE="0" <?php echo $no_always_sig?>><?php echo $l_no?></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_alwayssmile?>:</TD>
    <TD><INPUT TYPE="RADIO" NAME="smile" VALUE="1" <?php echo $never_smile?>><?php echo $l_yes?>
    <INPUT TYPE="RADIO" NAME="smile" VALUE="0" <?php echo $no_never_smile?>><?php echo $l_no?></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_alwayshtml?>:</TD>
    <TD><INPUT TYPE="RADIO" NAME="dishtml" VALUE="1" <?php echo $never_html?>><?php echo $l_yes?>
    <INPUT TYPE="RADIO" NAME="dishtml" VALUE="0" <?php echo $no_never_html?>><?php echo $l_no?></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_alwaysbbcode?>:</TD>
    <TD><INPUT TYPE="RADIO" NAME="disbbcode" VALUE="1" <?php echo $never_bbcode?>><?php echo $l_yes?>
    <INPUT TYPE="RADIO" NAME="disbbcode" VALUE="0" <?php echo $no_never_bbcode?>><?php echo $l_no?></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_boardtheme?>:
    </TD>
    <?php
    $sql = "SELECT theme_id, theme_name FROM themes ORDER BY theme_name";
    if(!$result = mysql_query($sql, $db))
    error_die("Error: Couldn't get themes data");
    if($myrow = mysql_fetch_array($result)) {
    echo "<TD><SELECT NAME="themes">n";
    do {
    unset($s);
    if($myrow[theme_id] == $userdata["user_theme"])
    $s = "SELECTED";
    echo "<OPTION VALUE="$myrow[theme_id]" $s>$myrow[theme_name]</OPTION>n";
    } while($myrow = mysql_fetch_array($result));
    }
    else {
    echo $l_nothemes;
    }
    ?>
    </SELECT></TD>
    </TR>
    <TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
    <TD><?php echo $l_boardlang?>:</TD>
    <td>
    <?php
    print language_select($default_lang, "lang");
    ?>
    </td>
    <TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
    <TD COLSPAN="2" ALIGN="CENTER"><INPUT TYPE="HIDDEN" NAME="save" VALUE="1"><INPUT TYPE="HIDDEN" NAME="user" VALUE="<?php echo $user?>">
    <INPUT TYPE="SUBMIT" NAME="submit" VALUE="<?php echo $l_saveprefs?>">
    </TD>
    </TR>
    </TABLE></TD></TR></TABLE>
    <?php
    }
    }
    else {
    include('page_header.'.$phpEx);
    login_form();
    }
    include('page_tail.'.$phpEx);
    ?>
     
  6. Jarinor

    Jarinor New Member

    Messages:
    6,350
    Likes Received:
    1
    Joined:
    Aug 5, 2001
    Good for you. I think the phpBB on this board has already been fixed though, seeing as the 'hack' didn't work. All it did was open my Preferences page.
     
  7. Jinxed

    Jinxed Active Member

    Messages:
    3,649
    Likes Received:
    3
    Joined:
    Aug 13, 2001
  8. Jarinor

    Jarinor New Member

    Messages:
    6,350
    Likes Received:
    1
    Joined:
    Aug 5, 2001
    What do you mean it stopped you for 5 minutes? You mean it froze your brain when you realised that someone could give themselves admin status and take off your moderator status :grin:?
     
  9. Jinxed

    Jinxed Active Member

    Messages:
    3,649
    Likes Received:
    3
    Joined:
    Aug 13, 2001
    some junk came on top of the page and sometimes the pages didn't load at all
     
  10. Jarinor

    Jarinor New Member

    Messages:
    6,350
    Likes Received:
    1
    Joined:
    Aug 5, 2001
    So, phpBB was giving you errors and 'freaking me out man!"?

    What freaks me out is how close to Java that phpBB code is...then again, Java is based on C/C++, so maybe the code is close to that...I've really got to get around to learning C one of these days...
     
  11. Sheriff Fatman

    Sheriff Fatman Active Member

    Messages:
    2,629
    Likes Received:
    0
    Joined:
    Sep 20, 2001
    Can you guys stop trying to hack the forum, now please. You're making me nervous. It's too much like two kids thinking they've found an unexploded bomb and whacking it with sticks to see if they're right.

    You think PHP is like Java? You should check out C# Then again, most modern languages are bound to share quite a lot of syntaxt and lexis. What would be the point in making it different just for the sake of it and causing a whole load of extra work for people who wanna learn them?
     
  12. Jarinor

    Jarinor New Member

    Messages:
    6,350
    Likes Received:
    1
    Joined:
    Aug 5, 2001
    Actually, Fatman, I am kind of interested in checking out C#. It looks like a pretty interesting language.

    I'm just saying that PHP and Java seem to share syntax and stuff like that, probably because they were derived from the same code base. I could be wrong though.
     
  13. Sheriff Fatman

    Sheriff Fatman Active Member

    Messages:
    2,629
    Likes Received:
    0
    Joined:
    Sep 20, 2001
    My house mate just came back (10 mins ago) from our local .Net awareness group thingy. He's been learning C# for a few months since our company wants to go over to it as soon as it gets out of beta.

    I used to be a Java programmer, and the similarities are quite amazing considering the lengths people go to to deny it.

    I'm not talking about syntax/lexis. Similarities there were inevitable since the two share C++ as an ancestor. I'm talking more about fundamental principles of the language, like single inheritence.

    Er ... possibly this post is a little OT for this thread, forum and site! All I can say is - I expect C# to be the next Java!
     
  14. Jarinor

    Jarinor New Member

    Messages:
    6,350
    Likes Received:
    1
    Joined:
    Aug 5, 2001
    Good, because while Java is (fairly) easy to program and use, it is slower than something really really slow.
     
  15. Calis

    Calis Member

    Messages:
    861
    Likes Received:
    1
    Joined:
    Apr 20, 2001
    Just so you know, we've already been hit by that exploit, and I seem to remember I already plugged that hole. But thanks for caring.
     
  16. Anonymous

    Anonymous Guest

    Change to iKonboard (ikonboard.com) or ibforums (ibforums.com). ibforums is the best but it isnt done yet.
     
  17. Milo

    Milo New Member

    Messages:
    2,517
    Likes Received:
    0
    Joined:
    Sep 12, 2001
    Yeah, go with iKonboard. I'm sure TLN will be overjoyed that you decided to switch to a flat-file CGI-based board.
     
  18. Anonymous

    Anonymous Guest

  19. Milo

    Milo New Member

    Messages:
    2,517
    Likes Received:
    0
    Joined:
    Sep 12, 2001
    Last I heard IB was working on a MySQL version. I've been out of it awhile.
     
  20. Ioo

    Ioo New Member

    Messages:
    1,752
    Likes Received:
    0
    Joined:
    Sep 22, 2001
    I think that's Quethim's other name!
     
Our Host!