vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   A hack idea. (https://vborg.vbsupport.ru/showthread.php?t=62395)

Ryan Ashbrook 03-11-2004 05:01 PM
A hack idea.
 
I had this idea for a hack that will allow the users listed in the undeletable users variable in config.php will be allowed to edit themselves.

I attempted this hack, but I got a Fatal error in PHP.

If you would like to help or make this hack then please, do so. :)

Gary King 03-11-2004 08:58 PM
Okay I'm almost done give me 5 minutes for instructions :)

Boofo 03-11-2004 09:04 PM
Then if someone ever does hack your account, they can really mess things up. I would be wary about any hack that does this. ;)

Gary King 03-11-2004 09:05 PM
It's a 'use-at-your-own-risk' hack.

Also if someone managed to hack your account then I'd think you have worse things to worry about :)

Gary King 03-11-2004 09:11 PM
<a href="https://vborg.vbsupport.ru/showthread.php?p=484488#post484488" target="_blank">https://vborg.vbsupport.ru/showt...488#post484488</a>

Boofo 03-12-2004 07:04 AM
Quote:
Originally Posted by Gary W
It's a 'use-at-your-own-risk' hack.

Also if someone managed to hack your account then I'd think you have worse things to worry about :)
Yeah, like how (with your hack for this) to get my access back when they change my password. And it doesn't have to be a hacker. It can be one of your "trusted" co-Admins that you shared things you shouldn't have with.

Natch 03-12-2004 07:06 AM
Quote:
Originally Posted by Boofo
Yeah, like how (with your hack for this) to get my access back when they change my password. And it doesn't have to be a hacker. It can be one of your "trusted" co-Admins that you shared things you shouldn't have with.
phpMyAdmin, or telnet/SSH> mysql CLI ...

In addition, as Jasper Johannsen [Security Engineer with microsoft] says ...

"The best solution to an employee who is doing things they shouldn't - make them an ex-employee."

Boofo 03-12-2004 07:12 AM
True, but how much damage can they do before you find out about it? That's the reason they made the $nodelete variable in the config.php. All it takes is once for things to be unrecoverable. Better safe than sorry.

Gary King 03-12-2004 11:07 AM
Quote:
Originally Posted by Boofo
True, but how much damage can they do before you find out about it? That's the reason they made the $nodelete variable in the config.php. All it takes is once for things to be unrecoverable. Better safe than sorry.
I'm betting that many admins who trust another admin will also give their FTP info. Once you have FTP info, you basically can do anything you want, even remove the admin from $nodelete variable.

Boofo 03-12-2004 02:59 PM
Quote:
Originally Posted by Gary W
I'm betting that many admins who trust another admin will also give their FTP info. Once you have FTP info, you basically can do anything you want, even remove the admin from $nodelete variable.
Then you'd lose that bet. Most Admins won't go that far, for just that reason. But a few of them were surprised to see they couldn't log on after one of their co-Admins turned on them and changed the password in their account. Didn't you read any of the pre-vB3 messages here?


All times are GMT. The time now is 11:37 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01473 seconds
  • Memory Usage 1,734KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete