Topic: New Exploit For PunBB v1.2.15

I found a Bug on PunBB... It is fatal. I want the fix... I can not post the Exploit, it is dangerous. ADMINS, contact me... dante90.dmc4@hotmail.it... Dante


Re: New Exploit For PunBB v1.2.15

Please read the description on this forum. Click here <--- Click there to contact the admin hmm


Re: New Exploit For PunBB v1.2.15

http://punbb.org/forums/viewtopic.php?id=6110

Re: New Exploit For PunBB v1.2.15

I've also sent you an email about this.

Re: New Exploit For PunBB v1.2.15

yikes I wonder what the problem is ...

Re: New Exploit For PunBB v1.2.15

I do too, I'm still waiting for a reply wink

Re: New Exploit For PunBB v1.2.15

Just a heads up to people, I still haven't heard anything about this wink

8 (edited by Smartys 2007-11-18 20:52)

Re: New Exploit For PunBB v1.2.15

[Dante: we know, I've talked to you about this -Smartys]


Re: New Exploit For PunBB v1.2.15

Dante, if you want to talk more about this with me, send me an email wink

Re: New Exploit For PunBB v1.2.15

Dante90 wrote:

[Dante: we know, I've talked to you about this -Smartys]

And the fault was??

Re: New Exploit For PunBB v1.2.15

Let's wait until there's a completely working version of 1.2.16? wink

Re: New Exploit For PunBB v1.2.15

But it was the Fix... O__O Dante


Re: New Exploit For PunBB v1.2.15

Which you posted prior to a working, official release. In other words, people wouldn't necessarily know to upgrade but the problem would still be disclosed.

Re: New Exploit For PunBB v1.2.15

Sorry, I didn't mean to hassle. Thanks for the info, Smartys.

Re: New Exploit For PunBB v1.2.15

StevenBullen wrote:

Sorry, I didn't mean to hassle. Thanks for the info, Smartys.

Oh, don't worry about it wink
The bug was this one: http://dev.punbb.org/changeset/1094
Basically, we didn't check the referrer when changing passwords. Not an issue for normal users, since they require the old password to be inputted, but admins/mods that can edit passwords would submit without an issue.
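
The check described in the post above, sketched as an added PHP example (not part of the thread and not PunBB's code). `BASE_URL`, `account.php`, the function names and the sample requests are assumptions made for illustration, and `password_verify` stands in for whatever hashing the forum uses:

```php
<?php
// Added example, not PunBB code. BASE_URL, account.php and all request
// data below are constructed for illustration.
const BASE_URL = 'http://forum.example/';

// True only if the Referer header names the expected script on this forum.
function referrer_ok(array $server, string $script): bool
{
    $ref  = parse_url($server['HTTP_REFERER'] ?? '');
    $base = parse_url(BASE_URL);
    if (!is_array($ref) || !isset($ref['scheme'], $ref['host'], $ref['path'])) {
        return false; // missing or malformed Referer is rejected
    }
    return $ref['scheme'] === $base['scheme']
        && strcasecmp($ref['host'], $base['host']) === 0
        && $ref['path'] === $base['path'] . $script;
}

// Decide whether a password-change POST is accepted.
function change_password(array $server, array $post, bool $isAdmMod, string $targetHash): string
{
    if (!referrer_ok($server, 'account.php')) {
        return 'rejected: bad referrer';
    }
    // Admins/mods skip the old-password check, so for them the referrer
    // check is the only evidence the request came from the forum's own form.
    if (!$isAdmMod && !password_verify($post['old_password'] ?? '', $targetHash)) {
        return 'rejected: wrong old password';
    }
    return 'accepted';
}

$hash    = password_hash('old-secret', PASSWORD_DEFAULT);
$own     = ['HTTP_REFERER' => BASE_URL . 'account.php?id=5'];
$foreign = ['HTTP_REFERER' => 'http://other.example/page.html'];
$new     = ['new_password' => 'n3w'];

$cases = [
    'admin, foreign referrer'      => [$foreign, $new, true],
    'admin, no referrer'           => [[], $new, true],
    'admin, own form'              => [$own, $new, true],
    'member, wrong old password'   => [$own, $new + ['old_password' => 'guess'], false],
    'member, correct old password' => [$own, $new + ['old_password' => 'old-secret'], false],
];
foreach ($cases as $label => [$server, $post, $isAdmMod]) {
    echo str_pad($label, 30), change_password($server, $post, $isAdmMod, $hash), "\n";
}
```

A Referer comparison rejects legitimate clients that strip the header; a per-session token embedded in the form is the sturdier defence against this class of request.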

Re: New Exploit For PunBB v1.2.15

Thank you for the Thanks big_smile I sent you another email... smile This time it isn't a dangerous Bug xD Dante
