2010-09-21, 04:25 PM
2010-09-21, 09:42 PM
Needs a major revision this shoutbox, omg how do i tell users we may have been snooped on for a long time
maybee this will help? not got time to test it myself
http://community.mybb.com/thread-75991.html
maybee this will help? not got time to test it myself
http://community.mybb.com/thread-75991.html
2010-09-22, 05:12 AM
(2010-09-21, 09:42 PM)crypt Wrote: [ -> ]Needs a major revision this shoutbox, omg how do i tell users we may have been snooped on for a long time
maybee this will help? not got time to test it myself
http://community.mybb.com/thread-75991.html
Same thing, i had to face, i removed my shoutbox and all my members where like "Pro i cant see shoutbox" and bombarded me with PMs.
2010-09-22, 01:33 PM
to deny illegal access, please use TURN ON ChatboxKey or DomainReffer Check (set in config.php)
Quote:$config['check_domain_reffer'] = false;change false to true and set your key or domain
$config['check_chatbox_key'] = false;
Quote:$config['forumlink'] = 'domain1.net/forum,domain2.com';
$config['chatboxkey'] = 'your_chatbox_key';
Quote:Anyone can see the chatbox without loggin into complicated for hidden chatbox message from guest, and i think it isn't necessary
2010-09-22, 02:02 PM
(2010-09-22, 01:33 PM)ChangUonDyU Wrote: [ -> ]to deny illegal access, please use TURN ON ChatboxKey or DomainReffer Check (set in config.php)
Quote:$config['check_domain_reffer'] = false;change false to true and set your key or domain
$config['check_chatbox_key'] = false;
Quote:$config['forumlink'] = 'domain1.net/forum,domain2.com';
$config['chatboxkey'] = 'your_chatbox_key';
Quote:Anyone can see the chatbox without loggin into complicated for hidden chatbox message from guest, and i think it isn't necessary
FIXED Problem 3. what about 2 and 1 ???
See an xss exploit can be passed after = variable.
site.com/chatbox/archive.php=<srcipt>shell.php</scipt>
So both 1 and 2 are important.
2010-09-24, 03:59 PM
(2010-09-21, 04:25 PM)ProVirus Wrote: [ -> ]Link to the plugin :- http://community.mybb.com/thread-63559.html
(1) Anyone can see the chatbox without loggin in:-
Quote:www .yoursite.com/chatbox/index.phpSolution: Trying to work on it...Not important though....
Go to ACP/Configurations tab.
In the "ChangUonDyU - Extra File Chatbox" configurations, set "List of UsergroupID cant view Chatbox (Separate by comma)" according to your preference. 1 = Guests 7= Banned
I have mine set to "1,7" and it is not visible unless I am logged in.
http://reserector.com/
user: tester
pass: mybbtester
I think I see what you are saying. You can use the chatbox's URL and still see the shouts.
2010-09-24, 04:21 PM
(2010-09-24, 03:59 PM)Reserector Wrote: [ -> ]I think I see what you are saying. You can use the chatbox's URL and still see the shouts.Thats what i meant mate
2011-09-14, 10:23 AM
Actually how to fix this Vul