MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Support > Extra File Chatbox -Glitches/ Exlpoits [FIXED]
Full Version: Extra File Chatbox -Glitches/ Exlpoits [FIXED]
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Salih I

2010-09-21, 04:25 PM
all have been fixed, requesting staff to lock this out.

crypt

2010-09-21, 09:42 PM
Needs a major revision this shoutbox, omg how do i tell users we may have been snooped on for a long time Blush

maybee this will help? not got time to test it myself
http://community.mybb.com/thread-75991.html

Salih I

2010-09-22, 05:12 AM
(2010-09-21, 09:42 PM)crypt Wrote: [ -> ]Needs a major revision this shoutbox, omg how do i tell users we may have been snooped on for a long time Blush

maybee this will help? not got time to test it myself
http://community.mybb.com/thread-75991.html

Same thing, i had to face, i removed my shoutbox and all my members where like "Pro i cant see shoutbox" and bombarded me with PMs.

ChangUonDyU

2010-09-22, 01:33 PM
to deny illegal access, please use TURN ON ChatboxKey or DomainReffer Check (set in config.php)
Quote:$config['check_domain_reffer'] = false;
$config['check_chatbox_key'] = false;
change false to true and set your key or domain
Quote:$config['forumlink'] = 'domain1.net/forum,domain2.com';
$config['chatboxkey'] = 'your_chatbox_key';
Quote:Anyone can see the chatbox without loggin in
to complicated for hidden chatbox message from guest, and i think it isn't necessary Big Grin

Salih I

2010-09-22, 02:02 PM
(2010-09-22, 01:33 PM)ChangUonDyU Wrote: [ -> ]to deny illegal access, please use TURN ON ChatboxKey or DomainReffer Check (set in config.php)
Quote:$config['check_domain_reffer'] = false;
$config['check_chatbox_key'] = false;
change false to true and set your key or domain
Quote:$config['forumlink'] = 'domain1.net/forum,domain2.com';
$config['chatboxkey'] = 'your_chatbox_key';
Quote:Anyone can see the chatbox without loggin in
to complicated for hidden chatbox message from guest, and i think it isn't necessary Big Grin

FIXED Problem 3. what about 2 and 1 ???

See an xss exploit can be passed after = variable.
site.com/chatbox/archive.php=<srcipt>shell.php</scipt>

So both 1 and 2 are important.

Reserector

2010-09-24, 03:59 PM
(2010-09-21, 04:25 PM)ProVirus Wrote: [ -> ]Link to the plugin :- http://community.mybb.com/thread-63559.html

(1) Anyone can see the chatbox without loggin in:-
Quote:www .yoursite.com/chatbox/index.php
Solution: Trying to work on it...Not important though....

Go to ACP/Configurations tab.
In the "ChangUonDyU - Extra File Chatbox" configurations, set "List of UsergroupID cant view Chatbox (Separate by comma)" according to your preference. 1 = Guests 7= Banned
I have mine set to "1,7" and it is not visible unless I am logged in.
http://reserector.com/
user: tester
pass: mybbtester

I think I see what you are saying. You can use the chatbox's URL and still see the shouts.

Salih I

2010-09-24, 04:21 PM
(2010-09-24, 03:59 PM)Reserector Wrote: [ -> ]I think I see what you are saying. You can use the chatbox's URL and still see the shouts.
Thats what i meant mate Smile

lolsee2

2011-09-14, 10:23 AM
Actually how to fix this Vul
MyBB Community Forums > Extensions > Plugins > Plugin Support > Extra File Chatbox -Glitches/ Exlpoits [FIXED]