Bitcoin Forum

Other => Meta => Topic started by: Leandrowin on May 01, 2015, 01:57:55 AM



Title: The forum has a bug.
Post by: Leandrowin on May 01, 2015, 01:57:55 AM
Yes, earntomorrow is a scam, Vod sorry, sorry all.

I found an exploitable bug.

The bug is here (The password reminder function can be used as an email bomber)

https://i.imgur.com/TJJxA1h.png

Do you understand?





If I helped the forum then please give me 0.007 BTC. Thank you!




BTC ADDRESS

157si98weemtesVxpAxzYEHRxLwnEZiKVa




Title: Re: The forum has a bug.
Post by: Leandrowin on May 01, 2015, 03:15:20 AM
Bug #2

"Database stresser"

Yeah, I found a bug that can stress the database.


Title: Re: The forum has a bug.
Post by: bumpk1nK on May 01, 2015, 03:16:19 AM
You are the biggest bug here, now bugger off! :D


Title: Re: The forum has a bug.
Post by: scat on May 01, 2015, 04:52:25 AM
Yes, AFAIK you are a bigger bug than the other bugs lololol


Title: Re: The forum has a bug.
Post by: koelen3 on May 01, 2015, 10:29:33 AM
Yes, earntomorrow is a scam, Vod sorry, sorry all.

I found an exploitable bug.

The bug is here (The password reminder function can be used as an email bomber)

https://i.imgur.com/TJJxA1h.png

Do you understand?





If I helped the forum then please give me 0.007 BTC. Thank you!




BTC ADDRESS

157si98weemtesVxpAxzYEHRxLwnEZiKVa




You can't know for certain whose email it is. The emails are hidden, so you can't just bomb an individual email, only something random; but if you're looking to bomb/spam a certain user, then I think it is possible.
Did you try it? I think it won't send more than 1-2 emails :-\


Title: Re: The forum has a bug.
Post by: Leandrowin on May 01, 2015, 12:53:33 PM
Yes, earntomorrow is a scam, Vod sorry, sorry all.

I found an exploitable bug.

The bug is here (The password reminder function can be used as an email bomber)

https://i.imgur.com/TJJxA1h.png

Do you understand?





If I helped the forum then please give me 0.007 BTC. Thank you!




BTC ADDRESS

157si98weemtesVxpAxzYEHRxLwnEZiKVa




You can't know for certain whose email it is. The emails are hidden, so you can't just bomb an individual email, only something random; but if you're looking to bomb/spam a certain user, then I think it is possible.
Did you try it? I think it won't send more than 1-2 emails :-\

It says "Username/Email", you can use the username and you don't need to know his email. You can spam any user.

You can send thousands of emails.

I can prove it, I have an exploit in Python.


Title: Re: The forum has a bug.
Post by: Quickseller on May 01, 2015, 01:00:05 PM
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.


Title: Re: The forum has a bug.
Post by: Leandrowin on May 01, 2015, 01:05:06 PM
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.

And as I said, I can prove it. Who wants to test?


Title: Re: The forum has a bug.
Post by: Quickseller on May 01, 2015, 01:08:26 PM
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.


Title: Re: The forum has a bug.
Post by: Leandrowin on May 01, 2015, 01:12:11 PM
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

If it helps the forums, why is it a scam?

I already knew this bug, that is all. You won't find this bug on Google! I found it by myself.


Title: Re: The forum has a bug.
Post by: redsn0w on May 01, 2015, 01:25:43 PM
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

If it helps the forums, why is it a scam?

I already knew this bug, that is all. You won't find this bug on Google! I found it by myself.


Have you sent a PM to theymos? If this is a bug I am sure he will send you a 'good bounty', maybe check also this thread: https://bitcointalk.org/index.php?topic=309785.0 (the rules part).


Title: Re: The forum has a bug.
Post by: dothebeats on May 01, 2015, 07:21:23 PM
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

If it helps the forums, why is it a scam?

I already knew this bug, that is all. You won't find this bug on Google! I found it by myself.

How could that be a "bug"? If it is one, then PM theymos regarding this "bug" and you might receive more than what you've asked for in this thread.


Title: Re: The forum has a bug.
Post by: bumpk1nK on May 02, 2015, 03:25:12 AM
Why are you people bothering with loser bug kid? Let him go play in the dirt and find some real bugs with shells and wings and lots of feet.


Title: Re: The forum has a bug.
Post by: Leandrowin on May 02, 2015, 03:26:31 PM
Why are you people bothering with loser bug kid? Let him go play in the dirt and find some real bugs with shells and wings and lots of feet.

You are the real hacker? ... If I really want to bother then I do a denial of service (I know how to DoS an SMF forum, you are reading this post because I am not DoSing the forum). You don't care if your email is full of spam?
And goodbye, I don't need this stupid forum, full of ogres.


Title: Re: The forum has a bug.
Post by: koelen3 on May 02, 2015, 03:35:43 PM
Why are you people bothering with loser bug kid? Let him go play in the dirt and find some real bugs with shells and wings and lots of feet.

You are the real hacker? ... If I really want to bother then I do a denial of service (I know how to DoS an SMF forum, you are reading this post because I am not DoSing the forum). You don't care if your email is full of spam?
And goodbye, I don't need this stupid forum, full of ogres.

The problem with the forum is that when any newbie tries to be funny or off-topic, he is considered a spammer or troll. This has happened because of the rapidly increasing shills and signature campaign spammers. Some people just post anything for their signature.
You might think that this is a major bug but no one thinks of it that way; it can't be changed and I don't think anyone has time to email spam anyone.
Even if they do, theymos won't change it now, would he? It would lead to a problem if someone actually forgets his/her password and then the email doesn't go through; he'll be stuck for, say, a 5 minute limit? :-\
About the part of doing a DoS attack, good luck if you are going to try one. I don't think it's that easy since theymos took some good security measures after the last one, and if by chance you succeed that'll be good too as he'll then implement better security.


Title: Re: The forum has a bug.
Post by: Muhammed Zakir on May 02, 2015, 03:38:45 PM
I think what he said is true. Tried ~10+ times and all the time it showed reset email was sent. A time limit should be set IMHO.


Title: Re: The forum has a bug.
Post by: sgk on May 02, 2015, 03:48:12 PM
Even if it is true, it is not a bug.
It is an unintended behavior which SMF developers haven't thought of addressing yet.

Maybe this was never found to be a trouble maker and nobody thought of addressing it.

But I am sure if there is a way for theymos to address this, he would certainly do it if you bring this to his attention.


Title: Re: The forum has a bug.
Post by: koelen3 on May 02, 2015, 03:48:19 PM
I think what he said is true. Tried ~10+ times and all the time it showed reset email was sent. A time limit should be set IMHO.

I remember what happened to me some months ago: I was not so active and it was soon when I got active, but when I got back I had forgotten my password and I reset it by email, but at first I did not receive any email, and to my surprise the same followed for the next 2 times. After that I got the mail and I successfully reset my password. So it'll be a little problem to have a limit, but a 5 minute limit should not hurt, looking at the spamming function it can be used for.
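
[Added example, not part of any post in this thread and not SMF or forum code: a sketch of the time limit discussed above, keyed on the account being mailed as well as on the requester's IP. The class, function and variable names are hypothetical; the 45 second and 5 minute windows are the figures posters mention, and the traffic is constructed.]

```python
import time

IP_WINDOW = 45         # seconds; the per-IP figure quoted in the thread
ACCOUNT_WINDOW = 300   # seconds; the 5 minute limit suggested in the thread


class ResetThrottle:
    """Decides whether a password-reset email is actually sent.

    Hypothetical helper: member_id is the account the submitted
    "Username/Email" value resolved to, so both spellings share one key.
    """

    def __init__(self, per_account=True):
        self.per_account = per_account
        self.last_by_ip = {}
        self.last_by_member = {}

    def request_reset(self, member_id, ip, now=None):
        now = time.time() if now is None else now
        ip_seen = self.last_by_ip.get(ip)
        if ip_seen is not None and now - ip_seen < IP_WINDOW:
            return False                      # this requester is too fast
        if self.per_account:
            seen = self.last_by_member.get(member_id)
            if seen is not None and now - seen < ACCOUNT_WINDOW:
                return False                  # this mailbox was mailed recently
            self.last_by_member[member_id] = now
        self.last_by_ip[ip] = now
        return True                           # caller sends the email


def emails_sent(throttle, requests):
    """Replay (member_id, ip, timestamp) tuples; count emails that go out."""
    return sum(throttle.request_reset(m, ip, t) for m, ip, t in requests)


# Constructed traffic, all aimed at member 42 (addresses from 203.0.113.0/24).
MANY_IPS = [(42, f"203.0.113.{i}", 1000 + i) for i in range(20)]
ONE_IP = [(42, "203.0.113.7", 1000 + 45 * i) for i in range(14)]

if __name__ == "__main__":
    for name, traffic in (("many IPs", MANY_IPS), ("one IP", ONE_IP)):
        print(name,
              "per-IP only:", emails_sent(ResetThrottle(False), traffic),
              "with per-account window:", emails_sent(ResetThrottle(), traffic))
```

[The page can show the same "reset email was sent" confirmation whether or not `request_reset` returns True, so the throttle does not reveal which accounts exist or were recently mailed.]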


Title: Re: The forum has a bug.
Post by: R2D221 on May 02, 2015, 05:57:03 PM
I give you permission to attack my account. It's not like Google servers will die anytime soon.


Title: Re: The forum has a bug.
Post by: Twipple on May 02, 2015, 10:22:38 PM
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

Behold!! Inappropriate negative trust incoming on your account. I guess it's not your fault if it does come.
https://bitcointalk.org/index.php?topic=1035687