IntegraMOD

Author: **computerskillz** » Sat May 20, 2006 9:02 pm

in Integramod 1.4, If you have a forum configured as a link redirection, then any anonymous person can make a thread in that forum simply by launching the posting URL and that forum ID EVEN if the forum is visible only to registered users. All the person needs is the forum ID.

For example if your Link Redirect Forum ID is 29, an anonymous person can simply enter......

http://www.yourdomain.com/posting.php?mode=newtopic&f=29

This should be fixed as soon as possible.

<img>

Author: **tmotley** » Sun May 21, 2006 6:46 am

Yep, it seems as though anyone can post in a link redirect forum that way. The question that pops into my head is why would they when you can't view the posting?

Sounds like possibly another use for that code that you can use to restrict access to various pages...

Author: **computerskillz** » Mon May 29, 2006 9:29 am

"tmotley";p="6780" wrote:Yep, it seems as though anyone can post in a link redirect forum that way. The question that pops into my head is why would they when you can't view the posting?

Sounds like possibly another use for that code that you can use to restrict access to various pages...

Yes you can view it. From the "Recent Topics" block. Spammers can post to the link redirect forum and have their topic show up in "Recent Topics" or "Topics Since" and when you go to click on the link, you're taken to a thread about Penis Enlargement, etc. And when you look at the nav links you'll see that you're in a Redirect forum reading a thread.

Its my guess there's no fix for this as of yet, as staff has yet to comment.

Author: **tmotley** » Mon May 29, 2006 9:46 am

http://www.phpbb.com/phpBB/viewtopic.php?t=290219

Might work?

Here's a similar topic in the archives:
http://integramod.com/forum/viewtopic.p ... low+access

Author: **computerskillz** » Mon May 29, 2006 8:19 pm

I doubt this will work because the spammer doesn't need to "load" the page.. all he needs to do is post to it via the posting form using the url and the forum ID.

It just might be that he won't be able to read the post, but once the <imput> is submitted the thread is created whether he/she reads it or not.

Author: **Solomon** » Mon Jun 19, 2006 4:47 pm

A guest was able to inject this thread under a "Link redirection" type forum.

HMXonline.com - The Online Gaming Syndicate Forum Index ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » Discussions ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » Gaming ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » Software ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » Action ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » MMOFPS ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » PlanetSide - planetside.HMXonline.com ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » PlanetSide Essentials ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » PS Dev Tracker ÃƒÆ’Ã¢â‚¬Å¡Ãƒâ€šÃ‚ » Forex ÃƒÆ’Ã†â€™Ãƒ ¢Ã¢â€š ¬

IntegraMOD

[BUG] Anonymous people can post to Link Redirection Forums

[BUG] Anonymous people can post to Link Redirection Forums

Thread injection under "Link redirection" forum

Who is online