2013-07-08, 03:12 PM
We host a MyBB forum on our site. Two weeks ago a strange thing happened to our forum users. We have users A, B and C. A found there were two posts under her username that were actually posted by somebody else. Later on C said they were written and posted by her, but she didn't know how it happened. C said the username displayed in the posting box was A's at the time she was writing those posts, but C always logged in with her own credentials. Sometime later B had some difficulty logging into her account, and after she logged into the forum, she couldn't access her private messages. At some point, she saw an error message when she was trying to post: "Authorization code mismatch. Are you accessing this function correctly? Please go back and try again." Also, one time B saw C's username displayed in the posting box instead of hers; another time, C saw A's username displayed in the posting box instead of hers.
Everything has been back to normal for those three users since last week.
How did this happen? It seems one user's identity was stolen and used by another user. Is it possible that B and C experienced XSS attacks? If so, how can we prove it? Or did something else happen to our users?
The MyBB version we are using is 1.6.3. We are using PHP 5.3 on a Linux server. Please help. Thanks!