MyBB Community Forums

Full Version: An XSS attack?
We host a MyBB forum on our site. Two weeks ago a strange thing happened to our forum users. We have users A, B and C. A found there were two posts under her username actually posted by somebody else. Later on C said they were written and posted by her, but she didn't know how it happened. C said the username displayed in the posting box was A's at the time she was writing those posts, but C always logged in with her own credentials. B sometime later had some difficulty logging into her account, and after she logged into the forum, she couldn't access her private messages. And at some time, she saw an error message when she was trying to post: "Authorization code mismatch. Are you accessing this function correctly? Please go back and try again." And also, one time B saw C's username displayed in the posting box instead of hers; another time, C saw A's username displayed in the posting box instead of hers.

And everything was back to normal for those three users since last week.

How did this happen? It seems one user's identity was stolen and used by another user. Is it possible that B and C experienced XSS attacks? If so, how to prove it? Or did something else happen to our users?

The MyBB version we are using is 1.6.3. We are using PHP 5.3 on a Linux server. Please help. Thanks!
It can't be an XSS attack. From what I know, XSS attacks can be used to deface a website and some other stuff, but definitely not bounce the posts around.

The authorization mismatch occurs when there are multiple logins on one account, or even when, trying to log in, you double- or triple-click the login button, but in this case I believe it's most likely because there were multiple logins. Are you sure that those users aren't fake accounts trying to spam or trying to do something a website admin wouldn't/shouldn't wish to happen? Such as fake vouching, spamming, advertising, etc.
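For readers wondering what that "Authorization code mismatch" message actually means: it is MyBB's per-user form token check (`verify_post_check`) failing. The token embedded in a form is derived from secrets belonging to the account the page was rendered for, so a form rendered for one user and submitted from another user's session is rejected, which is exactly the situation the original post describes (the posting box showing A's name while C is logged in). The sketch below is an added, simplified illustration of that mechanism, not MyBB's own code; the account names, `loginkey`/`salt` values and the `post_key`/`verify_post_check` function bodies are constructed for the example.

```php
<?php
// Added illustration (not MyBB's own code): a per-user form token in the style
// of MyBB's "post key". The token is derived from secrets that belong to the
// logged-in account, so a form rendered for one user cannot be submitted
// successfully from another user's session.

// Constructed sample accounts; loginkey and salt stand in for per-user secrets.
$users = [
    'A' => ['loginkey' => 'lk-a-0001', 'salt' => 'salt-a'],
    'B' => ['loginkey' => 'lk-b-0002', 'salt' => 'salt-b'],
];

// Token bound to the account the page was rendered for.
function post_key(array $user): string
{
    return hash('sha256', $user['loginkey'] . '|' . $user['salt']);
}

// Server-side check on submission: recompute the token from the user that the
// *submitting* session actually belongs to, and compare in constant time.
function verify_post_check(array $sessionUser, string $submitted): bool
{
    return hash_equals(post_key($sessionUser), $submitted);
}

// Normal flow: form rendered for A, submitted in A's session -> accepted.
$formRenderedFor = $users['A'];
$token = post_key($formRenderedFor);
echo "A submits A's form: " . (verify_post_check($users['A'], $token) ? "accepted" : "rejected") . "\n";

// Confused flow, as in the thread: the page (and its token) were produced for A,
// but the submitting browser's session belongs to B.
if (!verify_post_check($users['B'], $token)) {
    echo "B submits A's form: Authorization code mismatch. Are you accessing this function correctly?\n";
}
```

The practical point for a forum admin is that this error is a signal, not noise: every time it fires, the page the browser rendered and the session that submitted it disagree about who the user is. Logging the user id, session id and source IP alongside the mismatch gives you the evidence the original poster is asking for ("how to prove it?") when something like this recurs.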
Race, thanks for your reply! Those users are serious users in our forum. Each of them has only one account to log into the site.
Are they all on the same network? I remember another help topic about this.

This thread:

http://community.mybb.com/thread-114501....ht=network
The three of them live in three different states here. So it is unlikely they are on the same local network.
It can also be ISP apparently - did you read the whole thread I linked?
(2013-07-08, 03:12 PM)aiping Wrote: The mybb version we are using is 1.6.3.

That's well over 2 years old now. And most updates since then also included security fixes.
Well spotted Frost - I missed that when I first read the thread.
Thanks guys! I probably will do an upgrade to the newest version of MyBB.