1
trabis
trabis account has been hacked
  • 2008/8/3 23:29

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


I'm sorry to bring this to public discussion but it is a serious problem that concerns all of the XOOPS community.
I have noticed my profile has been changed here on Xoops.org. You can visit it and see what is posted as my "interests".

It's not just a bad joke, it seriously compromises my presence here as I feel my data, identity and privacy are not being assured.

I'm not sure if you will ever guarantee me such safety.
I do request an explanation or a deletion of my account.

It saddens me.

2
Runeher
Re: trabis account has been hacked
  • 2008/8/3 23:42

  • Runeher

  • Module Developer

  • Posts: 825

  • Since: 2008/1/24


Relax trabis. It's just a bug in the script putting the webmaster of the site in the interest field... it happened to my account too, and I, like you, thought my account was being hacked...

I guess it happened when you got your rank changed...

Just delete it and don't think about it anymore...

3
trabis
Re: trabis account has been hacked
  • 2008/8/3 23:55

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


We're talking of xoops.org, right?
For how long is this kind of bug supposed to be around?
And if they are known, was there a need for this to happen?
Since when has this bug existed?
What XOOPS version?
I noticed other profiles were updated today, were they affected?
I need to see that bug.

4
Mamba
Re: trabis account has been hacked
  • 2008/8/4 0:08

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Trabis, I've updated the rankings of a few users today to Module Developer or Theme Designer, incl. yours, and was going to PM you about it.

Sorry about this bug! I've seen it earlier, but totally forgot about it.

I'll talk to DJ about it, so we can fix it in the 2.0.18.2 Final Release.

BTW - it was reported on July 2, 2008 (see here)
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

5
trabis
Re: trabis account has been hacked
  • 2008/8/4 0:30

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


...

6
trabis
Re: trabis account has been hacked
  • 2008/8/27 1:08

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


I found the &%$# bastard!

I think this was the smartest one I found so far and still, I am not able to reproduce it.

So I found something was wrong in the edit user form because after editing a user's info you will notice that no debug is shown.
Yet, if you edit the info of an admin user the debug info will display.

After dumping the xoopsUser object I noticed the debug info was not shown because the XoopsUser object was somehow corrupted and gaining some of its values from the user we were editing.

At this point I already knew the end of this bug was close.

I was able to isolate the exact point where the corruption was taking place.

in system/admin/users/main.php
$op = 'mod_users';
include_once XOOPS_ROOT_PATH . "/modules/system/admin/users/users.php";
// at this point all is ok
if (isset($_POST)) {
    foreach ($_POST as $k => $v) {
        ${$k} = $v;
    }
}
// at this point xoopsUser gets corrupted and the current user (the admin) does not belong to the admins group anymore


So I filtered the $_POST array until I got the guilty one:
$_POST['groups'];

It seems that (under some server environment, I guess) the $groups variable is already set and for some reason I can't figure out, it doesn't update the value correctly.

So what I did was to unset 'groups' before the loop. If you notice, the debug info will now show no matter what user you are editing and the global $xoopsUser is correctly set.

The hack:

$op = 'mod_users';
include_once XOOPS_ROOT_PATH . "/modules/system/admin/users/users.php";
unset($groups);
if (isset($_POST)) {
    foreach ($_POST as $k => $v) {
        ${$k} = $v;
    }
}
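The following is an added example, not code from XOOPS or from the post above. It reproduces the bug class trabis isolated: copying every $_POST key into a variable of the same name lets any request field overwrite state the script already holds (here a constructed $groups and $op), and shows the allow-list form that reads only the fields the step expects.

```php
<?php
// Added example, not XOOPS code. All values are constructed stand-ins;
// no real XoopsUser object is involved.

// State the page already holds before the loop.
$groups = [1];            // group ids of the logged-in admin (constructed)
$op     = 'mod_users';

// Constructed request, as an edit-user form might submit it.
$_POST = [
    'uid'    => 42,
    'groups' => [3],            // groups of the user being edited
    'op'     => 'delete_users', // a field the form never had
];

// 1. The pattern from the post: every POST key becomes a variable.
//    After this loop $groups describes the edited user, not the admin,
//    and $op now holds whatever the client chose to send.
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$blind = ['groups' => $groups, 'op' => $op];

// 2. Hardened form: keep the script's own variables untouched, take only
//    the fields this step expects, cast them, and store them under names
//    that cannot collide with existing state. unset($groups) before the
//    loop (the hack in the post) avoids one collision; this avoids all.
$groups = [1];
$op     = 'mod_users';
$allowed = ['uid', 'groups'];
$form    = array_intersect_key($_POST, array_flip($allowed));
$edit_uid    = isset($form['uid']) ? (int) $form['uid'] : 0;
$edit_groups = isset($form['groups'])
    ? array_map('intval', (array) $form['groups'])
    : [];
$safe = ['groups' => $groups, 'op' => $op,
         'edit_uid' => $edit_uid, 'edit_groups' => $edit_groups];

echo "blind extract: ", json_encode($blind), "\n";
echo "allow-list:    ", json_encode($safe), "\n";
```

Run with the PHP CLI; the first line shows the admin's $groups and $op replaced by request data, the second shows them intact with the form values held separately.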

7
phppp
Re: trabis account has been hacked
  • 2008/8/27 2:39

  • phppp

  • XOOPS Contributor

  • Posts: 2857

  • Since: 2004/1/25


Will add the patch to 2.3

8
kakos
Re: trabis account has been hacked
  • 2008/8/27 9:03

  • kakos

  • Friend of XOOPS

  • Posts: 79

  • Since: 2002/6/6 2


After I read this post I looked at your profile, here and on icms, and I observed this.

Resized Image


Resized Image

9
trabis
Re: trabis account has been hacked
  • 2008/8/27 9:40

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Quote:

kakos wrote:
After I read this post I looked at your profile, here and on icms, and I observed this.


What about it?
My first post was in icms and 5 minutes later in xoops. (Those images are not consistent with the timeline, I posted it around 2 AM GMT.)

About last login, in icms I have the 'remember me' option, that is why I am still logged in from 2 months ago.

What am I missing?

10
kakos
Re: trabis account has been hacked
  • 2008/8/27 14:41

  • kakos

  • Friend of XOOPS

  • Posts: 79

  • Since: 2002/6/6 2


The "remember me" explains my query about the coincidence in the last post concerning the last user login. No, you are not missing anything... there is no hidden significance.
I was curious if another bug exists in XOOPS versions/branches.
I appreciate your work a lot.

Costas
