MyBB Community Forums

Hope nayar will release it soon as many members suffering now,only that hacker applying that methord to hack.

This plugin caused a trouble to lot, hmm. I see Nayar inactive over here, lets hope he sees pavemen's mail.

(2011-11-30, 04:41 AM)crazy4cs Wrote: [ -> ]This plugin caused a trouble to lot, hmm. I see Nayar inactive over here, lets hope he sees pavemen's mail.

He has and I have directed him to where to obtain the updated file. It's all up to him now

surprising to me, I was just affected by this vulnerability. i am running the updated file, so i guess I need to double check all the ways fbconnect works....

Pavemen, you're forum is compromised as well? fbconnect is very much essential for you? I'd personally not use such facebook connecting plugins anytime, because it hassles too much, also breaks the default system and also creates any potential vulnerabilities issues.

---

edit: As I suggested earlier, add </noscript> (with wildcard) to banned username list.

it have not found it to break anything default, it works fine, except for this idiot going around and inserting the JS username. i have several users from it, so its working for me.

---

okay, so i had a small typo in my fix that let the registration with bad characters continue. i think it is fixed, Nayar has been contacted with the new file

I guess he is present over here and spying on fbconnect thread and finds the site which uses it, lol.

i dont doubt that at all

Hey guys- well my site has been hacked again. When I made the changes to the facebook plugin it seemed no one could sign up any longer, so I switched things back to normal settings thinking I would just undo the hacker whenever he showed up.

But now it seems he may have changed his game... I'm not sure. But I deleted the user with the funky user name (as I did last time) but the site is still hacked.

Any ideas? Do you need any more info? Thanks for the help.

^ same thing again ; create a dummy user from admin panel !!