[URGENT] Forum Vulnerability

distros
Big Chick
Posts: 58
Joined: Mon Mar 13, 2017 8:29 pm
KCNR Username: ducktooken

Mon Mar 20, 2017 9:56 pm

Hi webmaster.

For security reasons you should only allow images from Photobucket, tinyimg, imgur, cubeupload or any other trusted image hosting services.

A person could write a PHP script to capture IP addresses, and in .htaccess they may redirect the .png file to the .php file, which can allow people to get others' IP addresses.

A snippet of what a person could get in their log file:

IP Address: ************
Hostname: host-2************.net
Port Number: 6****1
User Agent: Mozilla**************************
HTTP Referer: ******************************
^^ my info.
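
The host allowlist proposed in the post above, sketched as an added example; it is not part of the thread and not the forum software's own code. The check keys on the URL's host, because a `.png` extension says nothing about what the remote server actually runs. The domain names, function names and sample post are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains for hosting services named in the post.
TRUSTED_IMAGE_HOSTS = ("imgur.com", "photobucket.com", "cubeupload.com")
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
BLOCKED = "[image blocked: untrusted host]"


def is_trusted_image_url(url):
    """True only if the host is an allowlisted domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Reject user:pass@host forms, which can hide the real host from a reader.
    if parts.username is not None or parts.password is not None:
        return False
    # Match on a label boundary so "notimgur.com" and
    # "imgur.com.example.net" do not pass as "imgur.com".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_IMAGE_HOSTS)


def filter_post(bbcode):
    """Return (filtered_text, rejected_urls) for a BBCode post body."""
    rejected = []

    def check(match):
        url = match.group(1).strip()
        if is_trusted_image_url(url):
            return match.group(0)
        rejected.append(url)
        return BLOCKED

    return IMG_TAG.sub(check, bbcode), rejected


if __name__ == "__main__":
    # Constructed sample post: one allowlisted image, one third-party image.
    sample = ("Nice rig [img]https://i.imgur.com/cat.png[/img] "
              "[IMG]https://tracker.example/pixel.png[/IMG]")
    text, rejected = filter_post(sample)
    print(text)
    print("rejected:", rejected)
```
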
Peter
The Cluckin' Godfather
Posts: 7052
Joined: Tue Aug 16, 2011 10:11 am
KCNR Username: Peter
Location: Hell

Tue Mar 21, 2017 1:05 am

Send me the IP addresses that you have caught.

Want your own statistics counter? Look right here: viewtopic.php?f=25&t=1216
(Feature) introduction topic: viewtopic.php?f=25&t=28493
distros
Big Chick
Posts: 58
Joined: Mon Mar 13, 2017 8:29 pm
KCNR Username: ducktooken

Tue Mar 21, 2017 8:09 am

Peter wrote:
Tue Mar 21, 2017 1:05 am
Send me the IP addresses that you have caught.
They are all my IPs, but yeah, I sent them.
MRNATEGEEK
Big Chick
Posts: 112
Joined: Tue Mar 14, 2017 3:02 am
KCNR Username: MRNATEGEEK

Wed Mar 22, 2017 4:34 am

distros wrote:
Mon Mar 20, 2017 9:56 pm
Hi webmaster.

For security reasons you should only allow images from Photobucket, tinyimg, imgur, cubeupload or any other trusted image hosting services.

A person could write a PHP script to capture IP addresses, and in .htaccess they may redirect the .png file to the .php file, which can allow people to get others' IP addresses.

A snippet of what a person could get in their log file:

IP Address: ************
Hostname: host-2************.net
Port Number: 6****1
User Agent: Mozilla**************************
HTTP Referer: ******************************
^^ my info.
Are you f*** serious? Do you mind telling me what was in the URL in a Private Message?
Peter
The Cluckin' Godfather
Posts: 7052
Joined: Tue Aug 16, 2011 10:11 am
KCNR Username: Peter
Location: Hell

Wed Mar 22, 2017 8:44 am

MRNATEGEEK wrote:
Wed Mar 22, 2017 4:34 am
distros wrote:
Mon Mar 20, 2017 9:56 pm
Hi webmaster.

For security reasons you should only allow images from Photobucket, tinyimg, imgur, cubeupload or any other trusted image hosting services.

A person could write a PHP script to capture IP addresses, and in .htaccess they may redirect the .png file to the .php file, which can allow people to get others' IP addresses.

A snippet of what a person could get in their log file:

IP Address: ************
Hostname: host-2************.net
Port Number: 6****1
User Agent: Mozilla**************************
HTTP Referer: ******************************
^^ my info.
Are you f*** serious? Do you mind telling me what was in the URL in a Private Message?
He isn't allowed to do that.
distros
Big Chick
Posts: 58
Joined: Mon Mar 13, 2017 8:29 pm
KCNR Username: ducktooken

Wed Mar 22, 2017 9:30 pm

What private message?
MRNATEGEEK
Big Chick
Posts: 112
Joined: Tue Mar 14, 2017 3:02 am
KCNR Username: MRNATEGEEK

Wed Mar 22, 2017 9:59 pm

distros wrote:
Wed Mar 22, 2017 9:30 pm
What private message?
Just forget it, next on my list.