Re: trabis account has been hacked [Q and A] - XOOPS Web Application System

11

Re: trabis account has been hacked

2008/8/28 15:27
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

I assume this is only in the 2.0.X versions?

The art of asking questions.

12

Re: trabis account has been hacked

2008/8/28 18:33
trabis
Core Developer
Posts: 2269
Since: 2006/9/1 1

Quote:

ghia_ wrote:
I assume this is only in the 2.0.X versions?

Just for 2.0.18.x and 2.3 but I cannot be 100% sure.

LatinoPoemas

13

Re: trabis account has been hacked

2008/8/29 20:04
Daethian
Quite a regular
Posts: 305
Since: 2005/3/4 1

Can you tell me ..should we be putting this hack in our code?
I noticed this happening but dismissed it as Firefox goofing up and filling my name in the wrong field.

http://www.artfire.com/daethian
My Artfire store- Vintage Jewelry and New Bead Jewelry

14

Re: trabis account has been hacked

2008/8/30 1:42
trabis
Core Developer
Posts: 2269
Since: 2006/9/1 1

Quote:

Daethian wrote:
Can you tell me ..should we be putting this hack in our code?
I noticed this happening but dismissed it as Firefox goofing up and filling my name in the wrong field.

This hack is harmless and you can add it to your code.
I´m not 100% sure this will solve the bug because I was not able to reproduce it.

If anyone(you for example) can reproduce it in your site, then please make a test. Apply this hack and report back if it solved the problem. Thanks.

LatinoPoemas

15

Re: trabis account has been hacked

2008/9/4 11:07
Mamba
Moderator
Posts: 11366
Since: 2004/4/23

Well, it didn't solve it - we had it again today. Actually, I can reproduce it now constantly:

1) click on user link (e.g. in posted message in newbb)
2) click on Edit Profile

The name of the Admin doing the edit will be inserted into "Interests" field.

EDIT: it was consistently on Google Chrome, but I can't reproduce it on Firefox 3.01 and not on IE 7. This is strange!

Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

16

Re: trabis account has been hacked

2008/9/4 11:31
trabis
Core Developer
Posts: 2269
Since: 2006/9/1 1

No that are good news! Means that we can trace it!

LatinoPoemas

17

Re: trabis account has been hacked

2008/9/4 11:33
Mamba
Moderator
Posts: 11366
Since: 2004/4/23

Yes, but you'll need Google Chrome for it. At least there is one benefit of this new browser

Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

18

Re: trabis account has been hacked

2008/9/4 14:24
trabis
Core Developer
Posts: 2269
Since: 2006/9/1 1

This is happening in preferences->mail to. The only way I can partially solve this is using javascript as in this article:

http://www.boutell.com/newfaq/creating/clearform.html

LatinoPoemas

19

Re: trabis account has been hacked

2008/9/4 19:17
Speed
Quite a regular
Posts: 310
Since: 2004/5/18

Quote:

The name of the Admin doing the edit will be inserted into "Interests" field.

Interesting. I had this happen on a recent site I created locally and then uploaded to host. It's been driving me nuts because I cannot get rid of my name from the user's profile. Thank you for tracking this down!

Once bug is fixed, I presume the bad data will still be in the profiles?

...

20

Re: trabis account has been hacked

2008/9/5 7:06
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

Quote:

This is happening in preferences->mail to.

Could you specify what happens there?
Quote:

The only way I can partially solve this is using javascript as in this article:

Are you now saying that this is a browser problem? I find it hard to believe that. I could imagine that some nifty auto complete browser settings would fill in some fields, but not that fields (from different naming) get mixed.

The art of asking questions.

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Re: trabis account has been hacked

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}