MyBB Community Forums

Full Version: i am using mybb by only two days but ..
I have been using MyBB for only two days, but I can easily hack passwords with an img or steal your cookies by uploading an HTML file.

uCoz made a security update for the first hack (img) so that the User group wasn't able to use the img code ([img][/img]) ;) Can I make it so that a user who registered less than eight weeks ago is not able to post img? (Only if you agree with this feature.) Also, it would be better if you don't allow users to post this type of img. If you want, I can show a demo right here on the MyBB forum, but I don't want to get banned.
I know that a webmaster will know that this is a hack, but for a beginner ...

Because of img my website was hacked once ;) (it's true that everyone can easily use this hack on any site that gives them access to BBCode, but .. it would be great if you removed this security bug)
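
The restriction requested in the post above (no [img] for accounts registered less than eight weeks ago), sketched as an added example; it is not MyBB code and not from the thread. The function name, the regexes, the constructed sample post and the choice to downgrade the tag to a plain [url] link are assumptions.

```python
import re
from datetime import datetime, timedelta

MIN_ACCOUNT_AGE = timedelta(weeks=8)  # threshold proposed in the post
# Hypothetical patterns: a BBCode [img] tag and a plain http(s) URL.
IMG_TAG = re.compile(r"\[img(?:=[^\]]*)?\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
SAFE_URL = re.compile(r"^https?://[^\s\[\]\"'<>]+$", re.IGNORECASE)


def filter_img_tags(message, registered_at, now):
    """Return (filtered_message, number_of_img_tags_downgraded).

    Accounts at least MIN_ACCOUNT_AGE old keep their [img] tags. For newer
    accounts each [img] becomes a [url] link, so readers' browsers no longer
    fetch the remote resource automatically when the post is displayed.
    """
    if now - registered_at >= MIN_ACCOUNT_AGE:
        return message, 0
    count = 0

    def downgrade(match):
        nonlocal count
        count += 1
        url = match.group(1).strip()
        if SAFE_URL.match(url):
            return "[url]" + url + "[/url]"
        return "[image removed]"  # not http(s): drop it instead of linking

    return IMG_TAG.sub(downgrade, message), count


if __name__ == "__main__":
    now = datetime(2010, 11, 16)
    # Constructed sample post, not taken from the thread.
    post = "look [img]http://images.example/cat.php[/img] [IMG]ftp://files.example/a.png[/IMG]"
    print(filter_img_tags(post, datetime(2010, 11, 14), now))  # two-day-old account
    print(filter_img_tags(post, datetime(2010, 1, 1), now))    # long-standing account
```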
????????
Unless you can provide some code or something, nobody has any idea what you're talking about. PM me what you think is the problem.
I don't really understand you. :s
I know that I don't speak English so well, but I said that I can hack your passwords or steal your cookies (and with them I can log in from your account)
I think he's talking about the fact you can embed PHP images using [img]. You could then grab cookies from this script. I don't know how you could possibly grab anything else (like database name/password) without including global.php or config.php though.
(2010-11-16, 07:54 AM) Evollution Wrote: I know that I don't speak English so well, but I said that I can hack your passwords or steal your cookies (and with them I can log in from your account)

How can [img][/img] steal our cookies? :s
This actually made me laugh.
Even with cookies, he still won't be able to get into our accounts.
MyBB also has an awesome salt included in the hash with the password somewhere for extra protection, he can't grab that ;)
uCoz =/= MyBB. :)
OK, try to put [img]link[/img] on any website and you will see how it works ;)

http://fifastars.net84.net/scripts/mybb/cool.php replace link with this <<-
(2010-11-16, 08:19 AM) darkly Wrote: uCoz =/= MyBB. :)


:)) this script works on any website ))) uCoz, vBulletin, phpBB, Joomla ... I don't know about SMF..