Leandrowin (OP)
Newbie
Offline
Activity: 10
Merit: 0
|
|
May 01, 2015, 01:57:55 AM |
|
Yes, earntomorrow is a scam, Vod sorry, sorry all.
I found an exploitable bug. The bug is here (The password reminder function can be used as an email bomber) https://i.imgur.com/TJJxA1h.png
Do you understand? If I helped the forum then please give me 0.007 BTC. Thank you!
BTC ADDRESS 157si98weemtesVxpAxzYEHRxLwnEZiKVa
|
|
|
|
Leandrowin (OP)
Newbie
Offline
Activity: 10
Merit: 0
|
|
May 01, 2015, 03:15:20 AM |
|
Bug #2
"Database stresser"
Yeah, I found a bug that can stress the database.
|
|
|
|
bumpk1nK
|
|
May 01, 2015, 03:16:19 AM |
|
You are the biggest bug here, now bugger off!
|
dc98wdHhcjkwleHUnBce8gd87teibN9ys38y3uTgsHG02e9-ok my keyboard works! Insurance is a ripoff.
|
|
|
scat
Sr. Member
Offline
Activity: 350
Merit: 250
Scat The Billionaire
|
|
May 01, 2015, 04:52:25 AM |
|
Yes, AFAIK you are a bigger bug than the other bugs lololol
|
|
|
|
koelen3
Legendary
Offline
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
|
|
May 01, 2015, 10:29:33 AM |
|
Yes, earntomorrow is a scam, Vod sorry, sorry all. I found an exploitable bug. The bug is here (The password reminder function can be used as an email bomber) Do you understand? If I helped the forum then please give me 0.007 BTC. Thank you! BTC ADDRESS 157si98weemtesVxpAxzYEHRxLwnEZiKVa
You can't certainly know whose email it is. The emails are hidden, so you can't just bomb an individual email but something random, but if you're looking to bomb / spam a certain user, then I think it is possible. Did you try it? I think it won't send more than 1-2 emails.
|
|
|
|
Leandrowin (OP)
Newbie
Offline
Activity: 10
Merit: 0
|
|
May 01, 2015, 12:53:33 PM |
|
Yes, earntomorrow is a scam, Vod sorry, sorry all. I found an exploitable bug. The bug is here (The password reminder function can be used as an email bomber) https://i.imgur.com/TJJxA1h.png Do you understand? If I helped the forum then please give me 0.007 BTC. Thank you! BTC ADDRESS 157si98weemtesVxpAxzYEHRxLwnEZiKVa
You can't certainly know whose email it is. The emails are hidden, so you can't just bomb an individual email but something random, but if you're looking to bomb / spam a certain user, then I think it is possible. Did you try it? I think it won't send more than 1-2 emails.
It says "Username/Email", you can use the username and you don't need to know his email. You can spam any user. You can send thousands of emails. I can prove it, I have an exploit in Python.
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2996
Merit: 2374
|
|
May 01, 2015, 01:00:05 PM |
|
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.
|
|
|
|
Leandrowin (OP)
Newbie
Offline
Activity: 10
Merit: 0
|
|
May 01, 2015, 01:05:06 PM |
|
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.
I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD. And as I said I can prove it. Who wanna test?
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2996
Merit: 2374
|
|
May 01, 2015, 01:08:26 PM |
|
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.
I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this. It honestly sounds more like a donation scam to me.
|
|
|
|
Leandrowin (OP)
Newbie
Offline
Activity: 10
Merit: 0
|
|
May 01, 2015, 01:12:11 PM |
|
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.
I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this. It honestly sounds more like a donation scam to me.
If it helps the forums, why is it a scam? I already knew this bug, that is all. You won't find this bug on Google! I found it by myself.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
May 01, 2015, 01:25:43 PM |
|
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.
I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this. It honestly sounds more like a donation scam to me.
If it helps the forums, why is it a scam? I already knew this bug, that is all. You won't find this bug on Google! I found it by myself.
Have you sent a PM to theymos? If this is a bug I am sure he will send you a 'good bounty', maybe check also this thread: https://bitcointalk.org/index.php?topic=309785.0 (the rules part).
|
|
|
|
dothebeats
Legendary
Offline
Activity: 3808
Merit: 1355
|
|
May 01, 2015, 07:21:23 PM |
|
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.
I know the SMF forums, you don't need more than 1 IP. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this. It honestly sounds more like a donation scam to me.
If it helps the forums, why is it a scam? I already knew this bug, that is all. You won't find this bug on Google! I found it by myself.
How could that be a "bug"? If it is one, then PM theymos regarding this "bug" and you might receive more than what you've asked for in this thread.
|
|
|
|
bumpk1nK
|
|
May 02, 2015, 03:25:12 AM |
|
Why are you people bothering with loser bug kid? Let him go play in the dirt and find some real bugs with shells and wings and lots of feet.
|
dc98wdHhcjkwleHUnBce8gd87teibN9ys38y3uTgsHG02e9-ok my keyboard works! Insurance is a ripoff.
|
|
|
Leandrowin (OP)
Newbie
Offline
Activity: 10
Merit: 0
|
|
May 02, 2015, 03:26:31 PM |
|
Why are you people bothering with loser bug kid? Let him go play in the dirt and find some real bugs with shells and wings and lots of feet.
You are the real hacker? ... If I really want to bother then I do a denial of service (I know how to DoS an SMF forum, you are reading this post because I am not DoSing the forum). You don't care if your email is full of spam? And goodbye, I don't need this stupid forum, full of ogres.
|
|
|
|
koelen3
Legendary
Offline
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
|
|
May 02, 2015, 03:35:43 PM |
|
Why are you people bothering with loser bug kid? Let him go play in the dirt and find some real bugs with shells and wings and lots of feet.
You are the real hacker? ... If I really want to bother then I do a denial of service (I know how to DoS an SMF forum, you are reading this post because I am not DoSing the forum). You don't care if your email is full of spam? And goodbye, I don't need this stupid forum, full of ogres.
The problem with the forum is when any newbie tries to be funny or off-topic, he is considered a spammer or troll. This has happened because of the rapidly increasing shills and signature campaign spammers. Some people just post anything for their signature. You might think that this is a major bug but no one thinks of it that way, it can't be changed and I don't think someone has time to email spam anyone. Even if they do, theymos won't change it now, would he? It would lead to a problem if someone actually forgets his/her password and then the email doesn't go through, he'll be stuck for say a 5 minute limit? About the part of doing a DoS attack, good luck if you are going to try one. I don't think it's that easy since theymos took some good security measures after the last one and if by chance you succeed that'll be good too as he'll then implement better security.
|
|
|
|
Muhammed Zakir
|
|
May 02, 2015, 03:38:45 PM |
|
I think what he said is true. Tried ~10+ times and all the time it showed reset email was sent. A time limit should be set IMHO.
|
|
|
|
sgk
Legendary
Offline
Activity: 1470
Merit: 1002
!! HODL !!
|
|
May 02, 2015, 03:48:12 PM |
|
Even if it is true, it is not a bug. It is an unintended behavior which SMF developers haven't thought of addressing yet.
Maybe this was never found to be a trouble maker and nobody thought of addressing it.
But I am sure if there is a way for theymos to address this, he would certainly do it if you bring this to his attention.
|
|
|
|
koelen3
Legendary
Offline
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
|
|
May 02, 2015, 03:48:19 PM |
|
I think what he said is true. Tried ~10+ times and all the time it showed reset email was sent. A time limit should be set IMHO.
I remember what happened to me some months ago, I was not so active and it was soon when I got active but when I got back I had forgotten my password and I reset it by email but at first I did not receive any email, and to my surprise the same followed for the next 2 times. After it I got the mail and I successfully reset my password. So it'll be a little problem to have a limit but a 5 minute limit should not hurt, looking at the spamming function it can be used for.
|
|
|
|
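The per-account time limit suggested in the two posts above, combined with the per-IP window Quickseller mentions, sketched as an added Python example (not SMF or bitcointalk code; `MEMBERS`, `resolve_account`, `ReminderThrottle` and the response text are names and values assumed for illustration). The cooldown is keyed on the resolved account, so it holds whether the form is given the username or the email, and from any number of IP addresses:

```python
import time

ACCOUNT_COOLDOWN = 300  # seconds: the "5 minute limit" proposed in the thread
IP_COOLDOWN = 45        # seconds: the per-IP window mentioned in the thread

# Constructed sample account; a real forum would query its member table.
MEMBERS = {1: {"username": "alice", "email": "alice@example.org"}}


def resolve_account(identifier):
    """Map a "Username/Email" form value to one account id (or None)."""
    needle = identifier.strip().lower()
    for account_id, member in MEMBERS.items():
        if needle in (member["username"].lower(), member["email"].lower()):
            return account_id
    return None


class ReminderThrottle:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.last_account = {}  # account id -> time the last email was sent
        self.last_ip = {}       # client IP  -> time of last accepted request

    @staticmethod
    def _recent(table, key, window, now):
        return key in table and now - table[key] < window

    def request(self, identifier, ip, send_email):
        """Handle one reminder request; returns the text shown to the client."""
        now = self.clock()
        account_id = resolve_account(identifier)
        if not self._recent(self.last_ip, ip, IP_COOLDOWN, now):
            self.last_ip[ip] = now
            if account_id is not None and not self._recent(
                    self.last_account, account_id, ACCOUNT_COOLDOWN, now):
                self.last_account[account_id] = now
                send_email(MEMBERS[account_id]["email"])
        # Same answer in every case, so the page confirms nothing about
        # whether the account exists or whether a mail actually went out.
        return "If the account exists, a reminder email has been sent."
```

A member who really forgot the password waits at most one cooldown for the next mail, which is the trade-off koelen3 describes.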
R2D221
|
|
May 02, 2015, 05:57:03 PM |
|
I give you permission to attack my account. It's not like Google servers will die anytime soon.
|
An economy based on endless growth is unsustainable.
|
|
|
Twipple
|
|
May 02, 2015, 10:22:38 PM |
|
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.
It honestly sounds more like a donation scam to me.
Behold!! Inappropriate negative trust incoming on your account. I guess it's not your fault if it does come. https://bitcointalk.org/index.php?topic=1035687
|
|
|
|
|