  #1  
05-07-2002, 08:14 AM
Jawelin
Join Date: Nov 2001
Posts: 557
Security simulator: If I were ... ? (on forumhome)

Hi. I would like to create some simple security tester.
Already asked a similar question, but nobody.... :ermm:

Well. Simply, I would like to see my FORUMHOME only (I mean index.php is enough...) from any user's perspective, to check if one or another could see something or not, and how he sees it.

I thought an Admin could use some particular parameter (&userid=xxx ... ) on index.php to see the forumhome as if he were that user.
Of course, not touching links which would create many problems... simply give a look around.
This way I shouldn't have to log out and log in each time with dummy user accounts to test usergroups, permission masks, and so on... that could be not too precise...

I could, for example, store my $bbuserinfo account in a temp var right after the
PHP Code:
require('./global.php'); 
, then switch it to another user's config ....
Last, right after the main template evaluation, I could restore it to its original (mine...) values.

Does anybody think that should be possible ?
And how, exactly ?

Thank you very much for your time following my unpredictable ideas....

Bye
  #2  
05-08-2002, 11:27 AM
Jawelin
Join Date: Nov 2001
Posts: 557

Nobody ?
Can't someone even tell me it's impossible ?
Thanks
  #3  
05-09-2002, 12:59 PM
Logician
Join Date: Nov 2001
Location: inside vb code
Posts: 4,449

Not tested but should work:

in global.php find:

// ###################### Start sessions #######################

before that add:

if (($bbuserinfo[usergroupid]==6) AND $l_usergroupid)
{$bbuserinfo[usergroupid]=$l_usergroupid;}

Now to wear someone else's (usergroup) shoes, simply add "&$l_usergroupid=x" after your URL to imitate another usergroup.

This is not tested and I didn't think about the consequences of the code carefully, so I'm not responsible for what it does.. If you plan to apply it, you'd better check the code, consequences, bugs and security concerns extensively..

Eg.

NEVER apply code like this:
if ($l_user)
{$bbuserinfo[userid]=$l_user;}

Although this may do exactly what you wanted, anybody (who knows you applied such a hack) can get admin privileges by just adding &$l_user=1 line in their address bar.

This is why I said this code should be examined and tested extensively before being applied!

Here is another alternative (more secure) for you:
Configure vbulletin to send notifications about new registered members and add line "Password= $password" in your notification email template. Now with every registered member, you'll get an email with their passwords in it and you can log in with their usernames & passwords if that is what you wanted.

Regards,
Logician
  #4  
05-09-2002, 02:12 PM
Admin
Coder
Join Date: Oct 2023
Location: Server
Posts: 1

You must stick that code after require('./admin/sessions.php'); or it will not work ($bbuserinfo is only set in that file).
  #5  
05-09-2002, 02:30 PM
Jawelin
Join Date: Nov 2001
Posts: 557

FoA, thanks a lot to both of you.

@ Logician: actually the encrypted password is not my problem. Till now, I created different dummy users to do this job, but a real perspective should be better. This is exactly the reason I had this idea...
Besides, it will be enough for me to simply give a look at the forumhome. I mean, I could use an identical new index_xxx.php with the userid swap at the beginning of that file....
Also, I thought of the require() stuff and - as said - would make such a switch right after that import only in index*.php, not all the board (at session level, for instance...)

@FireFly: do you think if I put in new index.php something like:
PHP Code:
$oldbbuserinfo=$bbuserinfo;
$bbuserinfo= .... // and repeat sessions.php stuff... 
could I manage to obtain something good ?

Thanks again
  #6  
05-09-2002, 02:39 PM
Admin
Coder
Join Date: Oct 2023
Location: Server
Posts: 1

You mustn't change the $bbuserinfo array before requiring sessions.php - it just won't work. After you require that file you can do anything you want. Nothing is cached in sessions.php IIRC so it should work as expected.
  #7  
05-09-2002, 02:55 PM
Jawelin
Join Date: Nov 2001
Posts: 557

Yes. Probably I haven't explained well.
Simply, I copied my index.php in a new index2.php ...
And
PHP Code:
// added

// keep a copy of the real account
$org_bbuserinfo=$bbuserinfo;
// escape the request-supplied name before it goes into the query
$bbuserinfo=$DB_site->query_first("SELECT user.*,userfield.* FROM user LEFT JOIN userfield 
                                 ON userfield.userid=user.userid WHERE user.username='".addslashes($fakeusername)."'");

//right AFTER 

require('./global.php'); 
And it works, of course only on forumhome, as at the first link I click, I am back to myself.... :rambo:

Now I could add many security tricks, like for example checking if the original 'me' is an Admin, if the simulated user isn't, and so on...

Btw, it works exactly like I imagined it.... :smoke:
Thanks again.

Just a php question: could I copy an entire array simply with the '=' operator ? :ermm: (not influencing, here, but just fmi...)

Bye
  #8  
05-09-2002, 02:57 PM
Admin
Coder
Join Date: Oct 2023
Location: Server
Posts: 1

Yup, $newArray = $Array; works.
  #9  
05-09-2002, 03:09 PM
Jawelin
Join Date: Nov 2001
Posts: 557

Yes. It works...
Tried it and made a hack...
Shall we move ? Ehehehehhh!

---> index.php
Right after:
PHP Code:
require('./global.php'); 
add :
PHP Code:
//HACK: If i were ..., on forumhome ?
// only userid 1 may switch, and only when a username was supplied
if ($bbuserinfo['userid']==1 and isset($fakeusername)) {
    // keep the real account so it can be restored
    $org_bbuserinfo=$bbuserinfo;
    // escape the request-supplied name before it goes into the query
    $bbuserinfo=$DB_site->query_first("SELECT user.*,userfield.*
                                        FROM user LEFT JOIN userfield 
                                        ON userfield.userid=user.userid
                                        WHERE user.username='".addslashes($fakeusername)."'
                                      ");
    // unknown username: fall back to the real account
    if (!$bbuserinfo) {
        $bbuserinfo=$org_bbuserinfo;
    }
}
//HACK: If i were ..., on forumhome ? 
[replace '1' with your userid, for security reasons...]

Bye and thanks for supporting my strange ideas...
  #10  
05-10-2002, 08:11 AM
Jawelin
Join Date: Nov 2001
Posts: 557

Appetite comes with eating

What about putting it at the end of global.php ???
I'm afraid I could obtain some undesired side effect like updating the last-infos of that user, or similar...

Your opinion ?
Thnx
Reply With Quote
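
The checks raised in this thread (the acting account must be an admin, the simulated account must not be, and anything else falls back to yourself), as an added example that is not part of any post and is not vBulletin code. The function name, the `previewed_by` marker and the `$lookup` callable are hypothetical; the admin usergroupid 6 and the `fakeusername` parameter are taken from the posts above.

```php
<?php
// Added example, not vBulletin code; all names here are hypothetical.
const ADMIN_GROUP = 6; // admin usergroupid, as used in the thread

// $real: user row of the authenticated session. $request: e.g. $_GET.
// $lookup: callable(string): ?array that queries with a bound parameter.
function effective_user(array $real, array $request, callable $lookup): array
{
    $name = $request['fakeusername'] ?? null;
    // No override requested, or malformed input: stay yourself.
    if (!is_string($name) || $name === '' || strlen($name) > 50) {
        return $real;
    }
    // Authorize against the session user, never against a request value.
    if ((int)$real['usergroupid'] !== ADMIN_GROUP) {
        return $real;
    }
    $target = $lookup($name);
    // Unknown user, or another admin: refuse and stay yourself.
    if ($target === null || (int)$target['usergroupid'] === ADMIN_GROUP) {
        return $real;
    }
    // Mark the row as a preview so write paths (last-activity updates,
    // posting) can refuse it, and leave an audit trail.
    $target['previewed_by'] = (int)$real['userid'];
    error_log(sprintf('view-as: admin %d previewing as user %d',
        $real['userid'], $target['userid']));
    return $target;
}

// Constructed sample rows standing in for the user table.
$users = [
    'alice' => ['userid' => 1, 'username' => 'alice', 'usergroupid' => 6],
    'bob'   => ['userid' => 7, 'username' => 'bob',   'usergroupid' => 2],
];
$lookup = fn(string $n): ?array => $users[$n] ?? null;

// Admin asks to preview as bob: bob's row comes back, tagged as a preview.
var_dump(effective_user($users['alice'], ['fakeusername' => 'bob'], $lookup));
// Non-admin sends the same parameter: it is ignored.
var_dump(effective_user($users['bob'], ['fakeusername' => 'alice'], $lookup));
// Array-valued parameter (?fakeusername[]=x): rejected by the type check.
var_dump(effective_user($users['alice'], ['fakeusername' => ['x']], $lookup));
```

Because the decision is made from the session's own row and the result is tagged, code that updates last-visit data can skip any row carrying `previewed_by`, which addresses the side-effect concern in the last post.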