falsification of nicknames smf 1.0.2

Started by xr, March 25, 2005, 02:39:11 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

xr

March 25, 2005, 02:39:11 AM Last Edit: March 25, 2005, 02:44:02 AM by xr
  hello apparently ay a problem in smf I am in the certain thing watch what encontre in the network

Quote
*  Intro

Okey, this bug allows the falsification of nicknames of users registered in forums SMF 1.0.2.  They are even possible to be falsified nicknames of admins. 

Bug worked in the forum of hxxp:defacers.com.mx [nonactive](hoy 24/Marzo/05 to the 1:20 a.m.). 

*  Lets ****** that forum! 

1 Entra to hxxp:www.xxxx.com/foro/index.php?action=register [nonactive] and opens to the source code of the page.  Now flock where it says:  < input type="text "to name="user" size="20 "maxlength="18"/> and pon:  < input type="text "to name="user" size="200 "maxlength="180"/>. and keeps the page in your hard disk. 

2 Now it opens the page that you have kept in your hard disk with your navigator of favourite Internet.  Pon nick that you want to falsify followed of many spaces and at the end of the spaces pon any letter for example:  Status-x s-gay later pon any email and any password that are happened to you and registrate. 

3 Ready already you can send messages with nickname of another person. 

4 Now postea the siquiente:  xxxx.....



*  Note

You can operate this bug in nobody fotro SMF 1.0.2.


greetings

[Unknown]

#1
March 25, 2005, 03:40:40 AM
Not really a huge issue if you use reserved words, and the spaces will get you anyway in the end.

This was not the right place to post this, in any case.

-[Unknown]
Print
Go Up Pages1
User actions
Advertisement: