Author Topic: SMF Forum Exploit?  (Read 4784 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
SMF Forum Exploit?
« on: January 05, 2006, 12:11:30 am »
It seems that you can fake the "last edit" tag, as I will demonstrate in this thread shortly :)

<edit> It should appear to be edited by Newby!
« Last Edit: January 05, 2006, 12:13:59 am by Newby. »

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: SMF Forum Exploit?
« Reply #1 on: January 05, 2006, 12:14:35 am »
omg hax... the poster of the thread turns into Newby @_@
Or well.. it did for a second... wait... all posts by iago said Newby :O
« Last Edit: January 05, 2006, 12:20:37 am by Ergot »
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: SMF Forum Exploit?
« Reply #2 on: January 05, 2006, 12:56:46 am »
How is this done?

How is this meaningful, other than significant in the coding perspective?
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: SMF Forum Exploit?
« Reply #3 on: January 05, 2006, 01:00:38 am »
It's done with a clever trick I discovered, thanks to Ergot, in fact. 

The only real use of it is that you can frame somebody, or you can edit somebody else's post (as a moderator) without anybody knowing who edited the post.  This isn't major, but it can be useful in some cases. 

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: SMF Forum Exploit?
« Reply #4 on: January 05, 2006, 01:07:24 am »
Like for pranking! You silly goose!

iago poons you noob!
« Last Edit: January 05, 2006, 01:09:12 am by iago. »
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: SMF Forum Exploit?
« Reply #5 on: January 05, 2006, 09:00:02 am »
Is this where you change your display name, edit something, and post?

That's old, I did this on vL a while ago.

EDIT -- Notice the dot after my name? Yep. That's how I can tell it's either the same thing I've done or it's something totally new, seeing as how Ergot's one post was edited by "iago" and not "iago." :O!

And apparently the second coming of Christ has occured, he's edited my post!
« Last Edit: January 05, 2006, 09:01:54 am by Jesus H. Christ »
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: SMF Forum Exploit?
« Reply #6 on: January 05, 2006, 10:21:23 am »
To most, the "." after the name looks like it's ending the sentence :P

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: SMF Forum Exploit?
« Reply #7 on: January 05, 2006, 12:25:12 pm »
Oh, I thought it was something new and neat... but its just that old trick? You had my hopes up. :'(
And like a fool I believed myself, and thought I was somebody else...

trust

  • Guest
Re: SMF Forum Exploit?
« Reply #8 on: January 05, 2006, 07:51:09 pm »
how do you do it

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: SMF Forum Exploit?
« Reply #9 on: January 05, 2006, 08:46:27 pm »
how do you do it

Post, change your name, edit that post, then change your name back.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: SMF Forum Exploit?
« Reply #10 on: January 05, 2006, 09:18:47 pm »
While this really isn't that big of a deal, I don't really see the point in them not implementing something to prevent it.

I personally think having the ability for the users to change their display name is stupid.  That's really the only problem I have with SMF, other than that, it's great software.

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: SMF Forum Exploit?
« Reply #11 on: January 05, 2006, 09:30:16 pm »
I personally think having the ability for the users to change their display name is stupid.  That's really the only problem I have with SMF, other than that, it's great software.

I love it. It keeps them from making new accounts!

And you can disable name changing, which IIRC I had to enable again. :P
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: SMF Forum Exploit?
« Reply #12 on: January 06, 2006, 01:00:10 am »
I personally think having the ability for the users to change their display name is stupid.  That's really the only problem I have with SMF, other than that, it's great software.

I love it. It keeps them from making new accounts!

And you can disable name changing, which IIRC I had to enable again. :P

If you need to change your name enough to where it's a serious need/want (like you've actually changed your handle), I think it would be easier to just request that an admin/mod change it.  That way you also avoid all of the extra complications that you get due to the ability to freely change it.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: SMF Forum Exploit?
« Reply #13 on: January 06, 2006, 03:47:23 am »
I fully agree, and people were changing their display names to dumb things just to abuse the fact that it's annoying (Warrior comes to mind).  I really wish I could have turned it off, but ohwell.  Ergot also changed his to something annoying this week, but he found it got changed back on its own (*gasp*)!

But for this actual problem, it seems like it would make more sense storing the user_id of the last editor, not the username..

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: SMF Forum Exploit?
« Reply #14 on: January 06, 2006, 03:52:06 am »
I suspected it was either you or Newbis.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology