SMF Support > SMF 2.0.x Support

Karma

(1/3) > >>

defdef:
1.    SMF 2.0.2 Update    1.0    [ Uninstall ] [ List Files ] [ Delete ]
2.    InLine Attachments    1.11    [ List Files ] [ Delete ]
3.    Simple Spoiler    1.0.2    [ List Files ] [ Delete ]
4.    NChat    1.3.2    [ Install Mod ] [ List Files ] [ Delete ]
5.    Bot Buster    1.1    [ Uninstall ] [ List Files ] [ Delete ]
6.    SMF 2.0.1 Update    1.0    [ List Files ] [ Delete ]
7.    Member NotePad    2.0.2    [ Uninstall ] [ List Files ] [ Delete ]


So we've been having a problem where someone is exploiting what I think is a bug to bypass the 1 hour time limit on karma. One of my other forums users sent me a message outlining the problem:


--- Quote ---If you simply change the user id of the person being smited or applauded you can repeat without worrying about the 1 hour time limit.

This would be the info sent to applaud user 1:

http://YOURFORUM.com/index.php?action=modifykarma;sa=applaud;uid=1;topic=206.0;m=15069;f85f6e9b41=7ea5a2e5da94a6211630850ca6ee9b26

if i change that to uid=11:

http://YOURFORUM.com/index.php?action=modifykarma;sa=applaud;uid=11;topic=206.0;m=15069;f85f6e9b41=7ea5a2e5da94a6211630850ca6ee9b26

then it cures user 11. As long as you don't do two people twice you can script it to smite and applaud one person every other time so that their karma stays the same, and the person targeted goes up or down as many times as you'd like.

so scripting it like this:
1)http://YOURFORUM.com/index.php?action=modifykarma;sa=smite;uid=1;topic=206.0;m=15069;f85f6e9b41=7ea5a2e5da94a6211630850ca6ee9b26

2)http://YOURFORUM.com/index.php?action=modifykarma;sa=applaud;uid=11;topic=206.0;m=15069;f85f6e9b41=7ea5a2e5da94a6211630850ca6ee9b26

3)http://YOUFORUM.com/index.php?action=modifykarma;sa=applaud;uid=1;topic=206.0;m=15069;f85f6e9b41=7ea5a2e5da94a6211630850ca6ee9b26

4)http://YOURFORUM.com/index.php?action=modifykarma;sa=applaud;uid=11;topic=206.0;m=15069;f85f6e9b41=7ea5a2e5da94a6211630850ca6ee9b26

repeat 1 - 4 for as many applauds as wanted would raise user 11 while keeping user 1 pegged at their original level using alternating applauds/smites.

After realizing this, I just tested it and if you manually click applaud on one person (user 1), then cure on another (user 11), you can click applaud on user 1 again without hitting the time limit.
--- End quote ---

Is this addressed somewhere? The forum search did not bring anything up. Thanks for any help.

emanuele:
I've seen similar reports two or three times (the others were always bugged reports because people were misunderstanding how karma works), but I've never been able to reproduce it.

Today I tried three times, the result is always:

--- Quote ---Sorry, you can't repeat a karma action without waiting 1 hours.
--- End quote ---

defdef:
Well I released this to people on my forums and they're all able to replicate it (including myself) so it might be something specific to my forums? If so, should I repost in the support section?

emanuele:
Can you send me the data of an account to your forum? (the account should be able to modify karma)

abhirupmanna:
I tried this but without success on a no mod installation.

Navigation

[0] Message Index

[#] Next page