Site Links
Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com
Who's Online Now
1 registered members (Morgan), 46 guests, and 384 spiders.
Key: Admin, Global Mod, Mod
Member Spotlight
Posts: 25
Joined: November 2012
Show All Member Profiles 
Top Posters(30 Days)
Gizmo 17
M4TT 12
Ruben 8
FREAK 7
mmkk 4
isaac 3
Latest Photos
Chinese Buddhist temple.
My buddha beads.
Rendered Walls
Multi-Screen wallpaper
Stockholm Metro
Previous Thread
Next Thread
Print Thread
Forum Hack? #243840
06/11/11 02:32 PM
06/11/11 02:32 PM
Joined: Apr 2011
Posts: 152
S
ShiftKnowledge Offline OP
member
ShiftKnowledge  Offline OP
member
S
Joined: Apr 2011
Posts: 152
Does anybody know how this person got past the limit for subject text?

[Linked Image]

Re: Forum Hack? [Re: ShiftKnowledge] #243842
06/11/11 02:57 PM
06/11/11 02:57 PM
Joined: Dec 2003
Posts: 5,827
Lutz,FL
Ruben Offline

Ruben  Offline


Joined: Dec 2003
Posts: 5,827
Lutz,FL
Must be a different forum than the url you gave me before.
But anyway possibly you have html enabled for that board


Blue Man Group


There is no such thing as stupid questions. Just stupid answers
Re: Forum Hack? [Re: ShiftKnowledge] #243843
06/11/11 03:00 PM
06/11/11 03:00 PM
Joined: Apr 2011
Posts: 152
S
ShiftKnowledge Offline OP
member
ShiftKnowledge  Offline OP
member
S
Joined: Apr 2011
Posts: 152
I looked at the source but I didnt see any HTML changes in the span



<span id="subject0">megapixel game site megapixels memory cards megapixels 14 conversion megapixels to megabytes canon cameras 12.1 megapixels megapixels studio rates megapixel and photo size megapixels and image sizes kodak 12.2 megapixels md41 megapixel lens calculator megapixel video camera bold 9700 megapixels megapixels 12.1 how many megapixels do i need for a poster megapixels memory chart</span>
</b>


Re: Forum Hack? [Re: ShiftKnowledge] #243844
06/11/11 03:13 PM
06/11/11 03:13 PM
Joined: Dec 2003
Posts: 5,827
Lutz,FL
Ruben Offline

Ruben  Offline


Joined: Dec 2003
Posts: 5,827
Lutz,FL
Not sure where you got that from.
Possibly view source in a browser?
But it is html
and
<span id="subject0">
does not look native to ubb.
Try editing the post and see if you can see what is embedded in the topic and post.


Blue Man Group


There is no such thing as stupid questions. Just stupid answers
Re: Forum Hack? [Re: ShiftKnowledge] #243846
06/11/11 04:11 PM
06/11/11 04:11 PM
Joined: Apr 2011
Posts: 152
S
ShiftKnowledge Offline OP
member
ShiftKnowledge  Offline OP
member
S
Joined: Apr 2011
Posts: 152
its not on my site so I don't have the privileges to edit it.

here is the site

http://forum.surfermag.com/forum/postlist.php?Cat=0&Board=UBB1&page=0

Last edited by ShiftKnowledge; 06/11/11 04:21 PM.
Re: Forum Hack? [Re: ShiftKnowledge] #243848
06/11/11 05:23 PM
06/11/11 05:23 PM
Joined: Jul 2006
Posts: 2,199
David Dreezer Offline

Pooh-Bah
David Dreezer  Offline

Pooh-Bah
Joined: Jul 2006
Posts: 2,199
version 6.5 is pretty put of date. Currently the topic title field in the database is varchar(255). I suspect it was back then too. Any restrictions in topic length via the form can be bypassed, and there surely was nothing in the actual scripts back then that would have limited it.

In other words, no, it wasn't hacked.

Last edited by David Dreezer; 06/11/11 05:24 PM.

This thread for sale. Click here! [Linked Image]
Re: Forum Hack? [Re: David Dreezer] #243849
06/11/11 05:59 PM
06/11/11 05:59 PM
Joined: Apr 2011
Posts: 152
S
ShiftKnowledge Offline OP
member
ShiftKnowledge  Offline OP
member
S
Joined: Apr 2011
Posts: 152
I know from experience that you can only use about 40 chars or less for the subject title so its got to be a script.

Re: Forum Hack? [Re: ShiftKnowledge] #243850
06/11/11 07:15 PM
06/11/11 07:15 PM
Joined: Apr 2007
Posts: 4,313
SoCal, USA
SD Offline
Carpal Tunnel
SD  Offline
Carpal Tunnel
Joined: Apr 2007
Posts: 4,313
SoCal, USA
fairly easy to hack 6.5, or if you will, bypass perceived safety of the forum software and break the rules...

matter of fact, up until 7.4 there were some holes that could be breached.

wink

Re: Forum Hack? [Re: ShiftKnowledge] #243852
06/11/11 08:52 PM
06/11/11 08:52 PM
Joined: Apr 2011
Posts: 152
S
ShiftKnowledge Offline OP
member
ShiftKnowledge  Offline OP
member
S
Joined: Apr 2011
Posts: 152
so you are saying its probably very easy to get admin passwords etc as well?

Re: Forum Hack? [Re: ShiftKnowledge] #243853
06/11/11 09:14 PM
06/11/11 09:14 PM
Joined: Apr 2007
Posts: 4,313
SoCal, USA
SD Offline
Carpal Tunnel
SD  Offline
Carpal Tunnel
Joined: Apr 2007
Posts: 4,313
SoCal, USA
i know there was a flaw in how certain form submitted data was handled.

rather than go into details, the prudent thing would be to upgrade to 7.5.6, imho

then there are no questions

and 'very easy' is a relative term. 'joe blow' off the street would never get in, but....... you get the drift..


Shout Box
Today's Birthdays
No Birthdays
Recent Topics
Users Unable to Upload Avatar [Not a Bug]
by M4TT. 12/13/17 08:51 AM
Shout Box Sound Effect
by M4TT. 11/29/17 08:28 PM
Ad island
by TGCsanderson. 11/25/17 06:41 PM
Taking to long to connect to DB
by AstroCat. 11/24/17 12:34 PM
Forum Statistics
Forums36
Topics35,015
Posts190,544
Members12,045
Most Online978
Jun 24th, 2007
Random Image
Powered by UBB.threads™ PHP Forum Software 7.6.1
(Snapshot build 20171106)