Topic: 1.42 big bug
on 1.42!a guy always can modify the admin's pwd!
and then turn my website into maintence mode
even if i block the changpass function!
this is important !anybody can fix it
2 2012-03-26 04:16 (edited by zqzhr 2012-03-26 05:44)
Re: 1.42 big bug
no constructers or administrators give a response?
- hcs
- Administrator
- Offline
Re: 1.42 big bug
Please, tell step by step instructions how to reproduce this bug. Use bugreport page: http://punbb.informer.com/bugreport.php
Thanks
Re: 1.42 big bug
i dont know how he modify the admin's pwd .
if i know ,i can easily block this function!
but by communication,he say he can hack any forum.but dont provide any information!
i just guess he use sql inject,but i dont know which page or form he inject !
now i'm getting crazy!
Re: 1.42 big bug
does punbb has no logs to record what the administrators op?
- hcs
- Administrator
- Offline
Re: 1.42 big bug
Logging is possible if the extension is installed pun_admin_log.
Vulnerabilities may be in the extensions.
- dimkalinux
- Administrator
- Offline
Re: 1.42 big bug
Use apache logs for investigation - its logs every request.