Advertisement:

Author Topic: Any vulnerability found?  (Read 2739 times)

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Any vulnerability found?
« on: April 11, 2012, 04:38:38 PM »
A user in my forum has alerted me on it. Since it it is possible as a normal user to edit texts by other users. This error occurs, not always, but occasionally it happens that every normal user can manipulate text by other users.

All permissions are set correctly

Sorry my bad english

Offline K@

  • Lead Support Specialist
  • SMF Master
  • *
  • Posts: 47,394
  • Gender: Male
  • Yum!
Re: Any vulnerability found?
« Reply #1 on: April 11, 2012, 04:48:59 PM »
The permission you want, isn't shown in either of your screenshots.

The one you want is "Modify posts", left-hand column, second from bottom. :)

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #2 on: April 11, 2012, 04:55:51 PM »
Here is the lost part :)

Offline K@

  • Lead Support Specialist
  • SMF Master
  • *
  • Posts: 47,394
  • Gender: Male
  • Yum!
Re: Any vulnerability found?
« Reply #3 on: April 11, 2012, 05:10:00 PM »
Weird.

This is a long-shot...

Do the members concerned belong in more than one membergroup, because of post-count groups?

Are they inheriting permissions from there?

If not, I'm stumped, I'm afraid.

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #4 on: April 11, 2012, 05:24:17 PM »
 I have two extra Membergroups

Sponsor - normal Users, but they spend money for the server
Zerro - new users - 0-posters

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,161
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #5 on: April 11, 2012, 05:32:19 PM »
(almost) Nothing happen "randomly".

Here there is a pattern and I can see it by the half permission in your second picture: "Modify replies to own topics".

That permission gives the possibility to the member who start the topic to modify all the answers to that topic.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #6 on: April 11, 2012, 05:36:37 PM »
But this user who has alerted me to the error, belongs to none or groups mentioned above

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,161
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #7 on: April 11, 2012, 05:39:41 PM »
My post refers to your very first post and this image:



Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #8 on: April 11, 2012, 05:48:18 PM »
Is that better?



Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,161
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #9 on: April 11, 2012, 05:53:27 PM »
Sorry, but no idea... :)
I don't speak German.

What I'm saying is that in the image I re-posted there is in the last half line selected the permission "Modify replies to own topics", remove that from any of your groups and the error should disappear. ;)


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #10 on: April 11, 2012, 05:56:53 PM »
sorry, now in english



Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,161
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #11 on: April 11, 2012, 06:01:23 PM »
The permission I'm telling you to remove is not in that part, is a bit below.
You can simply remove the tick from the permission and save.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #12 on: April 11, 2012, 06:07:44 PM »
I hope thats right ;D

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,161
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #13 on: April 11, 2012, 06:09:30 PM »
Now, if all your groups are set that way (in your first picture it doesn't seem to be the case) you should be fine.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline musicus

  • Jr. Member
  • **
  • Posts: 126
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #14 on: April 11, 2012, 06:11:23 PM »
Thank you for your help