Icy Phoenix

     
 


Post delete_users.php fix 
 
Hi everyone, I don't know English so I'm posting in Italian.

Here's how to delete an Admin, Moderator or User on a phpBB XS 2 board:
the page delete_users.php doesn't ask for confirmation, so we
can delete any user we like; admin, mod or other, it makes
no difference.

Suppose we want to delete the admin of some phpbbxs2 forum.
We rush over to memberlist.php where, right-clicking with the mouse,
we find the user's id, which will almost certainly be 2.


h**p://Sito_Vittima.com/Forum/delet...r_id&del_user=2

Now we disguise the URL with bbcode
and send a PM to the admin..


h**p://belleragazze.it

As soon as the admin opens the page he will find himself deleted from the forum, and so will
no longer be able to log in..

(Remember that to delete a moderator or a user the link must always be
sent to the forum admin, because he is the only one with those permissions)

That would be the attack... let's try to warn as many people as possible
 



 
Edited by KugeLSichA, Thu 04 Jan, 2007 20:34: topic title changed
xeno3dx

Post Re: Bugs Phpbbxs 2 
 
I'll translate for the others.


I didn't check whether this is true; I'm Italian and am just translating for you.




xeno3dx wrote:
Hi everyone, I can't speak English, so I'm posting this in Italian.

Here's how to delete a phpBBXS 2 Admin, Moderator or User.
The page delete_users.php doesn't ask for any confirmation, so we are able to delete a user, even if he is an admin or a mod; his level doesn't matter.

Let's imagine we want to delete the admin of a given phpbbxs2 board.
We go to memberlist.php and with a right click we can find the user id, which is almost always "2" for admins.

Then we prepare a PM in which we put a link like this:

http://Victim_site.com/Forum/delete...r_id&del_user=2


Then we can hide the link with bbcode: http://sexygirls.com


As soon as the admin reaches the page he will be deleted from the board.

(It works only with admins; no other user has permission to delete users.)

This is an easy way to attack a site... try to warn as many people as you can.

 



 
Vortex

Post Re: Bugs Phpbbxs 2 
 
This is not exactly a "bug", but it's VERY IMPORTANT to keep it in mind: admins, just check the browser's status bar to be sure that the link you are clicking on is "correct".

Thanks for reporting.

Ciao,
 




____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"
 
buldo

Post Re: Bugs Phpbbxs 2 
 
Is there no warning before deleting an admin, like "Do you really want to delete..."?

I don't want to test it
 



 
TheSteffen

Post Re: Bugs Phpbbxs 2 
 
MG has already fixed this bug in area69

Patch:

OPEN delete_users.php

FIND

Code:
$del_user = ( isset($_POST['del_user']) ) ? intval($_POST['del_user']) : (( isset($_GET['del_user']) ) ? intval($_GET['del_user']):'');
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : ( ( isset($_GET['mode']) ) ? $_GET['mode']:'');
$days = ( isset($_POST['days']) ) ? intval($_POST['days']) : (( isset($_GET['days']) ) ? intval($_GET['days']):'');


AFTER ADD

Code:
// No 'confirm' field in the POST (which is always the case for a GET link):
// render the yes/no page and stop, so nothing is deleted yet.
if(!isset($_POST['confirm']))
{
    $page_title = $lang['Home'];
    include($phpbb_root_path . 'includes/page_header.' . $phpEx);

    // Carry the original request parameters through the confirmation form.
    $s_hidden_fields = '';
    $s_hidden_fields .= '<input type="hidden" name="del_user" value="' . $del_user . '" />';
    $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
    $s_hidden_fields .= '<input type="hidden" name="days" value="' . $days . '" />';

    // Set template files
    $template->set_filenames(array('confirm' => 'confirm_body.tpl'));

    $template->assign_vars(array(
        'MESSAGE_TITLE' => $lang['Confirm'],
        'MESSAGE_TEXT' => $lang['Confirm_delete_item'],

        'L_YES' => $lang['Yes'],
        'L_NO' => $lang['No'],

        // The form posts back to this same script; 'Yes' submits the 'confirm' field.
        'S_CONFIRM_ACTION' => append_sid('delete_users.' . $phpEx),
        'S_HIDDEN_FIELDS' => $s_hidden_fields
        )
    );
    $template->pparse('confirm');
    include($phpbb_root_path . 'includes/page_tail.' . $phpEx);
    exit();
}


 
 



 
z3d0

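The patch above stops the attack as posted: a GET request (the disguised link in the PM) now only ever reaches the confirmation page, and the deletion runs only on a POST that carries `confirm`. Requiring a POST is not a complete defence, though: a page on another site can still auto-submit a form with `del_user=2` and `confirm=Yes` from the logged-in admin's browser, and the script would accept it. The example below is added here and is neither MG's fix nor Icy Phoenix/phpBB XS code. It assumes a PHP build with `random_bytes` and `hash_equals`, carries only `del_user` (the real script also carries `mode` and `days`), and the names `csrf_token`, `csrf_check`, the `form_token` field and the `index.php` landing page are this example's own. It shows the confirmation form, requires a POST, and rejects any confirmed POST whose token does not match the one stored in the admin's session, which a cross-site form cannot know.

```php
<?php
// Added example (not MG's patch, not Icy Phoenix/phpBB XS code): a
// confirmation step for delete_users.php that also binds the confirmed
// POST to the admin's session with a random token.
session_start();

// Return the anti-forgery token for this session, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Constant-time comparison of the submitted token with the session's token.
function csrf_check(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['form_token'])
        && hash_equals($_SESSION['form_token'], $submitted);
}

// intval() keeps the id numeric, so it is safe to echo back into the form.
$del_user = intval($_POST['del_user'] ?? $_GET['del_user'] ?? 0);

// "No" on the confirmation page: leave without touching anything.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['cancel'])) {
    header('Location: index.php'); // assumed landing page
    exit;
}

// Anything that is not a confirmed POST (in particular the GET link from a
// PM) only renders the form; nothing is deleted here.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['confirm'])) {
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="delete_users.php">';
    echo '<p>Really delete user #' . $del_user . '?</p>';
    echo '<input type="hidden" name="del_user" value="' . $del_user . '" />';
    echo '<input type="hidden" name="form_token" value="' . $token . '" />';
    echo '<input type="submit" name="confirm" value="Yes" /> ';
    echo '<input type="submit" name="cancel" value="No" />';
    echo '</form>';
    exit;
}

// Confirmed POST: a form served by another site cannot know this session's
// token, so a missing or wrong token means the request did not come from
// the form we rendered above.
if (!csrf_check($_POST['form_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid form token; user not deleted.');
}

// ... the existing deletion code runs here, using the validated $del_user ...
```

The existing check that only an administrator may reach delete_users.php still has to run before any of this; the token only proves that the confirmed POST came from a form this site rendered for this session, not who is sitting at the browser.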
Post Re: Bugs Phpbbxs 2 
 
Many thanks. z3do!  
 




buldo

Post Re: Bugs Phpbbxs 2 
 
z3d0 wrote:
MG has already fixed this bug in area69

Patch: (the delete_users.php patch quoted in full above)
 




I will apply it 'cause I trust phpBBXS.eu, but I can't read PHP code... what exactly does it do?
 



 
Vortex

Post Re: Bugs Phpbbxs 2 
 
it adds a confirmation question before deleting users
 



 
z3d0

Post Re: Bugs Phpbbxs 2 
 
z3d0 wrote:
it adds a confirmation question before deleting users



Woah tricky...  


Thanks
 



 
Vortex

Post Re: delete_users.php fix 
 
Great, so we will wait till the area69 beta.

Thanks a lot.;-)
 



 
TheSteffen

Post Re: FIXED -delete_users.php fix 
 
Thanks z3d0, for posting my fix.
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty Gorgon