Do it on the server-side as well. So how can I use this exploit now? That would gain me access to the admin panel, but it will only give me a very limited amount of options, which are all worthless to me. But what if I copy his password, which by the way is an MD5 hashed string , to a temporary place? This way I could restore it after giving myself all necessary admin rights, as if nothing ever happened and we all still lived in a perfect world.
Now I need to change his password. In pseudo-code, vBulletin does the hashing like this: md5 md5 password salt. Now that I have set my own password, I can just log into his account, using his original username and the new password I just created, and give myself all admin rights that tickle my fancy.
After doing so, I can restore his old password by running a simple SQL query:. This might be obvious, but you can get the hash by going to your profile and reading the value from the MSN field. Since I have access to the plug-in system now, I could create and install my own ones. Reason: Auto-Merged DoublePost. Marco van Herwaarden. Someone has access to the files on the server and changes your index.
To troubleshoot this, please remove any hacks and disable your plugins, then see if you still have this problem. Note: To temporarily disable the plugin system, edit config. If your problem still exists, please create a new Style with no Parent set. Now browse the forum using this new style, do you still have the same problems? If you are troubleshooting login or guest issues, you will need to set this style as board default in the vBulletin Options. All times are GMT.
The time now is Contact Us - vBulletin. All Rights Reserved. User Name. Mark Forums Read. Thread Tools. Join Date: Oct Find all posts by mr. R1lover Member.
0コメント