Advertisement:

Author Topic: Any vulnerability found?  (Read 2569 times)

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Any vulnerability found?
« on: April 11, 2012, 04:38:38 PM »
A user in my forum has alerted me on it. Since it it is possible as a normal user to edit texts by other users. This error occurs, not always, but occasionally it happens that every normal user can manipulate text by other users.

All permissions are set correctly

Sorry my bad english

Offline K@

  • Lead Support Specialist
  • SMF Master
  • *
  • Posts: 45,093
  • Gender: Male
  • Yum!
Re: Any vulnerability found?
« Reply #1 on: April 11, 2012, 04:48:59 PM »
The permission you want, isn't shown in either of your screenshots.

The one you want is "Modify posts", left-hand column, second from bottom. :)

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #2 on: April 11, 2012, 04:55:51 PM »
Here is the lost part :)

Offline K@

  • Lead Support Specialist
  • SMF Master
  • *
  • Posts: 45,093
  • Gender: Male
  • Yum!
Re: Any vulnerability found?
« Reply #3 on: April 11, 2012, 05:10:00 PM »
Weird.

This is a long-shot...

Do the members concerned belong in more than one membergroup, because of post-count groups?

Are they inheriting permissions from there?

If not, I'm stumped, I'm afraid.

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #4 on: April 11, 2012, 05:24:17 PM »
 I have two extra Membergroups

Sponsor - normal Users, but they spend money for the server
Zerro - new users - 0-posters

Offline emanuele

  • Language Moderator
  • SMF Super Hero
  • *
  • Posts: 14,060
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #5 on: April 11, 2012, 05:32:19 PM »
(almost) Nothing happen "randomly".

Here there is a pattern and I can see it by the half permission in your second picture: "Modify replies to own topics".

That permission gives the possibility to the member who start the topic to modify all the answers to that topic.
Do you want to discover what I'm doing? Here it is!



Hai bisogno di supporto in Italiano?

* emanuele dislikes "like" and alike

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

It has been reported to me that I'm being snarky, feel free to be offended by my comments, I'm probably doing it on purpose...or not.

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #6 on: April 11, 2012, 05:36:37 PM »
But this user who has alerted me to the error, belongs to none or groups mentioned above

Offline emanuele

  • Language Moderator
  • SMF Super Hero
  • *
  • Posts: 14,060
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #7 on: April 11, 2012, 05:39:41 PM »
My post refers to your very first post and this image:

Do you want to discover what I'm doing? Here it is!



Hai bisogno di supporto in Italiano?

* emanuele dislikes "like" and alike

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

It has been reported to me that I'm being snarky, feel free to be offended by my comments, I'm probably doing it on purpose...or not.

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #8 on: April 11, 2012, 05:48:18 PM »
Is that better?



Offline emanuele

  • Language Moderator
  • SMF Super Hero
  • *
  • Posts: 14,060
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #9 on: April 11, 2012, 05:53:27 PM »
Sorry, but no idea... :)
I don't speak German.

What I'm saying is that in the image I re-posted there is in the last half line selected the permission "Modify replies to own topics", remove that from any of your groups and the error should disappear. ;)
Do you want to discover what I'm doing? Here it is!



Hai bisogno di supporto in Italiano?

* emanuele dislikes "like" and alike

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

It has been reported to me that I'm being snarky, feel free to be offended by my comments, I'm probably doing it on purpose...or not.

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #10 on: April 11, 2012, 05:56:53 PM »
sorry, now in english



Offline emanuele

  • Language Moderator
  • SMF Super Hero
  • *
  • Posts: 14,060
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #11 on: April 11, 2012, 06:01:23 PM »
The permission I'm telling you to remove is not in that part, is a bit below.
You can simply remove the tick from the permission and save.
Do you want to discover what I'm doing? Here it is!



Hai bisogno di supporto in Italiano?

* emanuele dislikes "like" and alike

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

It has been reported to me that I'm being snarky, feel free to be offended by my comments, I'm probably doing it on purpose...or not.

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #12 on: April 11, 2012, 06:07:44 PM »
I hope thats right ;D

Offline emanuele

  • Language Moderator
  • SMF Super Hero
  • *
  • Posts: 14,060
  • Gender: Male
  • THERE'S JUST ME
Re: Any vulnerability found?
« Reply #13 on: April 11, 2012, 06:09:30 PM »
Now, if all your groups are set that way (in your first picture it doesn't seem to be the case) you should be fine.
Do you want to discover what I'm doing? Here it is!



Hai bisogno di supporto in Italiano?

* emanuele dislikes "like" and alike

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

It has been reported to me that I'm being snarky, feel free to be offended by my comments, I'm probably doing it on purpose...or not.

Offline musicus

  • Semi-Newbie
  • *
  • Posts: 97
  • Gender: Male
    • bamdorner on Facebook
    • @net_mu on Twitter
    • Mucic for open ears
Re: Any vulnerability found?
« Reply #14 on: April 11, 2012, 06:11:23 PM »
Thank you for your help