New Exploit For PunBB v1.2.15

Dante90 · 2007-11-03 13:40:23

Dante90
Member
Offline

Registered: 2007-03-27
Posts: 18

Topic: New Exploit For PunBB v1.2.15

I found a Bug on PunBB... It is fatal. I want the fix... I can not post the Exploit, it is dangerous. ADMINS, contact me... dante90.dmc4@hotmail.it... Dante

http://img154.imageshack.us/img154/1262/wwzdx9.png

http://img517.imageshack.us/img517/1542/dante90bu4.jpg

http://img522.imageshack.us/img522/5276/eurohackersuserbarnb4.gif

PhaxeNor · 2007-11-03 13:49:11

PhaxeNor
Member
Offline

Registered: 2007-05-23
Posts: 72

Re: New Exploit For PunBB v1.2.15

Please read the description on this forum.. Click here <--- Click there to contact the admin

Paul · 2007-11-03 13:49:21

Paul
Senior Member
Offline

From: Wales, UK.
Registered: 2003-08-13
Posts: 3,089

Re: New Exploit For PunBB v1.2.15

http://punbb.org/forums/viewtopic.php?id=6110

Smartys · 2007-11-03 17:01:41

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: New Exploit For PunBB v1.2.15

I've also sent you an email about this.

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

liquidat0r · 2007-11-03 22:40:26

liquidat0r
Senior Member
Offline

From: London, England
Registered: 2006-09-18
Posts: 150

Re: New Exploit For PunBB v1.2.15

I wonder what the problem is ...

Smartys · 2007-11-04 12:42:50

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: New Exploit For PunBB v1.2.15

I do too, I'm still waiting for a reply

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

Smartys · 2007-11-07 02:27:00

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: New Exploit For PunBB v1.2.15

Just a heads up to people, I still haven't heard anything about this

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

Dante90 · 2007-11-18 20:51:20

Dante90
Member
Offline

Registered: 2007-03-27
Posts: 18

Re: New Exploit For PunBB v1.2.15

[Dante: we know, I've talked to you about this -Smartys]

Last edited by Smartys (2007-11-18 20:52:08)

Smartys · 2007-11-18 20:54:09

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: New Exploit For PunBB v1.2.15

Dante, if you want to talk more about this with me, send me an email

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

StevenBullen · 2007-11-19 08:47:33

StevenBullen
PunBB Donor
Offline

From: Herts - UK
Registered: 2005-09-11
Posts: 828

Re: New Exploit For PunBB v1.2.15

Dante90 wrote:

[Dante: we know, I've talked to you about this -Smartys]

And the fault was??

Blog - Follow Me and FluxBB on Twitter

Smartys · 2007-11-19 11:30:46

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: New Exploit For PunBB v1.2.15

Lets wait until there's a completely working version of 1.2.16?

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

Dante90 · 2007-11-19 14:35:32

Dante90
Member
Offline

Registered: 2007-03-27
Posts: 18

Re: New Exploit For PunBB v1.2.15

But it was the Fix... O__O Dante

Smartys · 2007-11-19 16:20:54

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: New Exploit For PunBB v1.2.15

Which you posted prior to a working, official release. In other words, people wouldn't necessarily know to upgrade but the problem would still be disclosed.

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

StevenBullen · 2007-11-19 23:08:48

StevenBullen
PunBB Donor
Offline

From: Herts - UK
Registered: 2005-09-11
Posts: 828

Re: New Exploit For PunBB v1.2.15

Sorry I didnt mean to hassle. Thanks for the info smartys.

Blog - Follow Me and FluxBB on Twitter

Smartys · 2007-11-20 00:09:40

Smartys
Former PunBB Developer
Offline

Registered: 2004-04-30
Posts: 7,844

Re: New Exploit For PunBB v1.2.15

StevenBullen wrote:

Sorry I didnt mean to hassle. Thanks for the info smartys.

Oh, don't worry about it
The bug was this one: http://dev.punbb.org/changeset/1094
Basically, we didn't check the referrer when changing passwords. Not an issue for normal users, since they require the old password to be inputted, but admins/mods that can edit passwords would submit without an issue.

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

Dante90 · 2007-11-20 15:57:18

Dante90
Member
Offline

Registered: 2007-03-27
Posts: 18

Re: New Exploit For PunBB v1.2.15

Thank you for the Thanks I sent you an other email... This time it isn't a dangerous Bug xD Dante

New Exploit For PunBB v1.2.15

Posts [ 16 ]

1 Topic by Dante90 2007-11-03 13:40:23

Topic: New Exploit For PunBB v1.2.15

2 Reply by PhaxeNor 2007-11-03 13:49:11

Re: New Exploit For PunBB v1.2.15

3 Reply by Paul 2007-11-03 13:49:21

Re: New Exploit For PunBB v1.2.15

4 Reply by Smartys 2007-11-03 17:01:41

Re: New Exploit For PunBB v1.2.15

5 Reply by liquidat0r 2007-11-03 22:40:26

Re: New Exploit For PunBB v1.2.15

6 Reply by Smartys 2007-11-04 12:42:50

Re: New Exploit For PunBB v1.2.15

7 Reply by Smartys 2007-11-07 02:27:00

Re: New Exploit For PunBB v1.2.15

8 Reply by Dante90 2007-11-18 20:51:20

Re: New Exploit For PunBB v1.2.15

9 Reply by Smartys 2007-11-18 20:54:09

Re: New Exploit For PunBB v1.2.15

10 Reply by StevenBullen 2007-11-19 08:47:33

Re: New Exploit For PunBB v1.2.15

11 Reply by Smartys 2007-11-19 11:30:46

Re: New Exploit For PunBB v1.2.15

12 Reply by Dante90 2007-11-19 14:35:32

Re: New Exploit For PunBB v1.2.15

13 Reply by Smartys 2007-11-19 16:20:54

Re: New Exploit For PunBB v1.2.15

14 Reply by StevenBullen 2007-11-19 23:08:48

Re: New Exploit For PunBB v1.2.15

15 Reply by Smartys 2007-11-20 00:09:40

Re: New Exploit For PunBB v1.2.15

16 Reply by Dante90 2007-11-20 15:57:18

Re: New Exploit For PunBB v1.2.15

Posts [ 16 ]