Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)

Reply
 
Thread Tools Display Modes
  #1  
Old 03-11-2004, 05:01 PM
Ryan Ashbrook's Avatar
Ryan Ashbrook Ryan Ashbrook is offline
 
Join Date: Dec 2002
Location: Cincinnati, Ohio
Posts: 422
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default A hack idea.

I had this idea for a hack that will allow the users listed in the undeletable users variable in config.php will be allowed to edit themselves.

I attempted this hack, but I got a Fatal error in PHP.

If you would like to help or make this hack then please, do so.
Reply With Quote
  #2  
Old 03-11-2004, 08:58 PM
Gary King's Avatar
Gary King Gary King is offline
 
Join Date: Jan 2002
Posts: 2,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Okay I'm almost done give me 5 minutes for instructions
Reply With Quote
  #3  
Old 03-11-2004, 09:04 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Then if someone ever does hack your account, they can really mess things up. I would be wary about any hack that does this.
Reply With Quote
  #4  
Old 03-11-2004, 09:05 PM
Gary King's Avatar
Gary King Gary King is offline
 
Join Date: Jan 2002
Posts: 2,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's a 'use-at-your-own-risk' hack.

Also if someone managed to hack your account then I'd think you have worse things to worry about
Reply With Quote
  #5  
Old 03-11-2004, 09:11 PM
Gary King's Avatar
Gary King Gary King is offline
 
Join Date: Jan 2002
Posts: 2,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

<a href="https://vborg.vbsupport.ru/showthread.php?p=484488#post484488" target="_blank">https://vborg.vbsupport.ru/showt...488#post484488</a>
Reply With Quote
  #6  
Old 03-12-2004, 07:04 AM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Gary W
It's a 'use-at-your-own-risk' hack.

Also if someone managed to hack your account then I'd think you have worse things to worry about
Yeah, like how (with your hack for this) to get my access back when they change my password. And it doesn't have to be a hacker. It can be one of your "trusted" co-Admins that you shared things you shouldn't have with.
Reply With Quote
  #7  
Old 03-12-2004, 07:06 AM
Natch's Avatar
Natch Natch is offline
 
Join Date: Nov 2002
Location: Australia
Posts: 851
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo
Yeah, like how (with your hack for this) to get my access back when they change my password. And it doesn't have to be a hacker. It can be one of your "trusted" co-Admins that you shared things you shouldn't have with.
phpMyAdmin, or telnet/SSH> mysql CLI ...

In addition, as Jasper Johannsen [Security Engineer with microsoft] says ...

"The best solution to an employee who is doing things they shouldn't - make them an ex-employee."
Reply With Quote
  #8  
Old 03-12-2004, 07:12 AM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

True, but how much damage can they do before you find out about it? That's the reason they made the $nodelete variable in the config.php. All it takes is once for things to be unrecoverable. Better safe than sorry.
Reply With Quote
  #9  
Old 03-12-2004, 11:07 AM
Gary King's Avatar
Gary King Gary King is offline
 
Join Date: Jan 2002
Posts: 2,046
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo
True, but how much damage can they do before you find out about it? That's the reason they made the $nodelete variable in the config.php. All it takes is once for things to be unrecoverable. Better safe than sorry.
I'm betting that many admins who trust another admin will also give their FTP info. Once you have FTP info, you basically can do anything you want, even remove the admin from $nodelete variable.
Reply With Quote
  #10  
Old 03-12-2004, 02:59 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Gary W
I'm betting that many admins who trust another admin will also give their FTP info. Once you have FTP info, you basically can do anything you want, even remove the admin from $nodelete variable.
Then you'd lose that bet. Most Admins won't go that far, for just that reason. But a few of them were surprised to see they couldn't log on after one of their co-Admins turned on them and changed the password in their account. Didn't you read any of the pre-vB3 messages here?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:35 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04677 seconds
  • Memory Usage 2,246KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete