Bitcoin Forum
June 27, 2019, 11:31:20 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: wasn't there an exploit through avatars? fixed?  (Read 1008 times)
pooya87
Legendary
*
Offline Offline

Activity: 1680
Merit: 1712



View Profile
March 18, 2017, 05:44:40 AM
 #1

i remember back in my registration date 2014 avatars were disabled and remember reading someone exploited something using avatars by injecting a code through them or something like that (memory is hazy!).

the reason i ask this is because i just noticed someone (an account from 2011) has his avatar hosted somewhere else instead of the picture being on bitcointalk!

normally the avatars are here: https://bitcointalk.org/useravatars/avatar_{some number}.png

but someone has it like this:

1561635080
Hero Member
*
Offline Offline

Posts: 1561635080

View Profile Personal Message (Offline)

Ignore
1561635080
Reply with quote  #2

1561635080
Report to moderator
1561635080
Hero Member
*
Offline Offline

Posts: 1561635080

View Profile Personal Message (Offline)

Ignore
1561635080
Reply with quote  #2

1561635080
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1561635080
Hero Member
*
Offline Offline

Posts: 1561635080

View Profile Personal Message (Offline)

Ignore
1561635080
Reply with quote  #2

1561635080
Report to moderator
1561635080
Hero Member
*
Offline Offline

Posts: 1561635080

View Profile Personal Message (Offline)

Ignore
1561635080
Reply with quote  #2

1561635080
Report to moderator
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1820
Merit: 1698



View Profile WWW
March 18, 2017, 06:03:15 AM
 #2

Who has their avatar hosted on a non-bitcointalk website? What domain is it hosted on?

Do you think I am spamming? If so, you're probably wrong.
pooya87
Legendary
*
Offline Offline

Activity: 1680
Merit: 1712



View Profile
March 18, 2017, 06:14:35 AM
 #3

Who has their avatar hosted on a non-bitcointalk website? What domain is it hosted on?

as it is seen in the screenshot it is on blogspot and 38659 is the user id.
as i said it is a very old account from 2011 (so probably set it back then) and has been activated recently after 2 years.

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1820
Merit: 1698



View Profile WWW
March 18, 2017, 06:36:19 AM
 #4

Hmmm, it looks like I had to access http://2.bp.blogspot.com/-d0Ippz-2CN0/TWcO_2wZOiI/AAAAAAAAFZA/ZkU-bL3fUAk/s1600/eagle-4.jpg in order to view his profile. I think this could possible leak information about anyone who views his profile or a page that he posted in.

I will message theymos about this.

Do you think I am spamming? If so, you're probably wrong.
digaran
Hero Member
*****
Offline Offline

Activity: 910
Merit: 613

111113DUwES2ZNWSJztA3oBuhzfcdmiaG


View Profile
March 18, 2017, 06:51:57 AM
 #5

From 2011 until now isn't 2 years dude, I also wanted to have an avatar with the live bitcoin price updated every 10 minutes Smiley but I'm too lazy to keep looking into it to see if I can or not.

HOWEYCOINS   ▮      Excitement and         ⭐  ● TWITTER  ● FACEBOOK   ⭐      
  ▮    guaranteed returns                 ●TELEGRAM                         
  ▮  of the travel industry
    ⭐  ●Ann Thread ●Instagram   ⭐ 
✅    U.S.Sec    ➡️
✅  approved!  ➡️
pooya87
Legendary
*
Offline Offline

Activity: 1680
Merit: 1712



View Profile
March 18, 2017, 07:25:59 AM
 #6

From 2011 until now isn't 2 years dude

instead of spamming jumping into conclusion, it is best if you read first
~ has been activated recently after 2 years.

and then investigate
https://bitcointalk.org/index.php?topic=1231822.msg12871753#msg12871753
then say if it is right or wrong.

I also wanted to have an avatar with the live bitcoin price updated every 10 minutes Smiley but I'm too lazy to keep looking into it to see if I can or not.

not a good idea in my opinion Smiley
and not possible so you can not.

minifrij
Legendary
*
Offline Offline

Activity: 1960
Merit: 1165


In Memory of Zepher


View Profile WWW
March 18, 2017, 04:50:52 PM
 #7

This forum previously allowed users to attach avatars through external sources, such as the one that the affected user has.
I'm not sure when, but I expect that this feature was disabled around the time of this post. Therefore, if the user attached his avatar early enough I expect he is allowed to keep it (similar to animated avatars and users below the required activity limits).

I don't think there is any sort of exploit to worry about unless he set his avatar late on, it is likely just an early member using a feature that isn't around anymore.
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1820
Merit: 1698



View Profile WWW
March 18, 2017, 08:04:46 PM
 #8

Who has their avatar hosted on a non-bitcointalk website? What domain is it hosted on?

as it is seen in the screenshot it is on blogspot and 38659 is the user id.
as i said it is a very old account from 2011 (so probably set it back then) and has been activated recently after 2 years.
This has been fixed.

Do you think I am spamming? If so, you're probably wrong.
zyzzbrah
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
March 22, 2017, 12:58:27 AM
 #9

Im trying to set an avatar but im not able to find it anywhere in the options. Do you need to be full member or something?
BitHodler
Legendary
*
Online Online

Activity: 1302
Merit: 1138


View Profile
March 22, 2017, 10:14:59 AM
 #10

Im trying to set an avatar but im not able to find it anywhere in the options. Do you need to be full member or something?
Yes.

pooya87
Legendary
*
Offline Offline

Activity: 1680
Merit: 1712



View Profile
April 03, 2017, 05:36:47 AM
Last edit: April 07, 2017, 04:41:39 AM by pooya87
 #11

I found another one Roll Eyes (u=3499)
and another one (u=32045)

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!