MyBB Community Forums

wait ... wait im from italy ??



italy is a nice country i want to go there

ok the thing is i did it for pen testing nothing more

no one of the websits was hacked

and another thing :
the '.system(getenv(HTTP_J)).' usernames are from an exploit i think i sow it on milworm it wont do anthing much cuz username lenght must be more than 30 letters

Chris Boulton
about the plugin
what other commands do you think is there ??
*hint : passthru , exec ,shell_exec ,,,etc

if you gona make a plugin make it to remove the magic_qoutes
and im sorry for evry one i tested this bug one his site and i didnt doo anything it was a pen test only

and the Script Kiddy thing i dont like it
at least i made the exploit before it was public
and im a good guy common dont be meen to me

cheers

Um...why shouldnt i contact your ISP...no body would do it without a view to causing trouble.

the first thing is i didn't cause any trouble .
the second thing is that my ISP wont careless about anything your gona say .

and the most important thing is my site is using mybb forums
i need it to be more secured

later ill upload plugins i made for the mybb forums to make it more secure to command injections

cheers

I don't think anyone will trust your plugins now. If you wanted to test MyBB security, you could've installed 20 different MyBB boards under 20 different databases on your OWN webspace.

If you were one of the ones that hit my board, then I'm sorry to tell you that you've already been reported to your ISP and, yes, I'm afraid that every ISP DOES care about their customers trying to "hack" other people. It gives them a bad reputation, is bad for business, and therefore costs them money.

I would advise that you stop "pen testing" before you get yourself in trouble.

But chris there is no file attached to that post, i'm talking about the plugin.

Anyway, i had such registration before even updating to 1.1.3, however i'm not sure if it has affected anything, i haven't checked in details.

regards


FIXED

Galen
thanx for the advise and im sorry of what happend to your board
and trully i didnt hit or hack any one
cuz i think its one of the stupidest things in the world
and i wish for you a good luck with the report

Yeah got hit too at the rcthq. IP Address is at 81.181.144.11 and he or she was using the email address at [email protected]

never mind guys, just use the plugin made by mybb group, check it here

regards

Thanks...it's been needed. I keep getting new registrations under this username and it's rather bothersome to delete them. Also I am very concerned about being exploited.

Yeah, I'm using the plugin. Very nice. MyBB 1.1.3 is secure from this exploit, but it's still a pain to have to delete the script kiddy accounts.

Quote:...and he or she was using the email address at [email protected]

Yeah, that was the e-mail used on my board too. Probably just some innocent person's e-mail address that got plucked off of a spam list.