Serious Hacking Attempt with IPB

Brandon

Guest
I was running IPB on my computer last night and found a way that a hacker could get into your members' accounts. I opened Macromedia Flash 8 and made a 1X1 flash animation that after 60 seconds redirects to a website. This animation could be placed in the person's avatar in IPB. After 60 seconds it redirected me to my fake login page for my forum with a message saying your session timed out. I tried it on my brother and he fell for it! I recommend you disable this feature in IPB.
 

Phil

Retired Staff
DesertWar said:
I was running IPB on my computer last night and found a way that a hacker could get into your members' accounts. I opened Macromedia Flash 8 and made a 1X1 flash animation that after 60 seconds redirects to a website. This animation could be placed in the person's avatar in IPB. After 60 seconds it redirected me to my fake login page for my forum with a message saying your session timed out. I tried it on my brother and he fell for it! I recommend you disable this feature in IPB.
What? Really they can get in someone's account that simple. Funny how you stumbled upon that. Or were you actually testing it?
 
Brandon

Guest
I stumbled on it. I was making a lame flash animation and saw that you could redirect it! If you don't look at the address bar I bet tons of people would fall for it.
 

Phil

Retired Staff
That's actually pretty cool. How you stumbled upon that is sweet too! Haha
 

Tgr1991

New Member
Damn, thx for the info. I use IPB on another one of my sites, I didn't know that. I gotta tell my friend.
 
Brandon

Guest
Here is a photo of what to do: turn Flash to off. This is under Security.
 

stealth_thunder

New Member
Nice finding on this, the best excellent discovery I have read. Thanks a lot for the information.

I will make sure in future, if I were to use IPB, to take note of this. :drool:
 

Richard

Active Member
What you are doing is called pharming (The spelling is right)

Another thing you can do if you use Firefox is add the script blocker NoScript.
All you do is select the sites you wish to have JavaScript/Flash/Java Applets run; the rest it will block.
 
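Added example, not part of any post above and not IPB code: a server-side check for the mitigation discussed in the thread, rejecting Flash content uploaded as an avatar even when the file is renamed to look like an image. The function names, reason strings and sample bytes are assumptions constructed for illustration.

```python
import os

# SWF files begin with one of these signatures (uncompressed, zlib, LZMA).
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")

# Leading bytes of the static image formats an avatar is allowed to be.
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
}
ALLOWED_EXT = {".png": "png", ".gif": "gif", ".jpg": "jpeg", ".jpeg": "jpeg"}


def sniff(data: bytes):
    """Classify an upload by its leading bytes, ignoring name and declared type."""
    if data[:3] in SWF_MAGIC:
        return "swf"
    for kind, magics in IMAGE_MAGIC.items():
        if data.startswith(magics):
            return kind
    return None


def check_avatar(filename: str, data: bytes):
    """Return (accepted, reason) for an uploaded avatar (hypothetical helper)."""
    ext = os.path.splitext(filename.lower())[1]
    kind = sniff(data)
    if kind == "swf":
        return (False, "flash content")  # a renamed .swf is still Flash
    if ext not in ALLOWED_EXT:
        return (False, "extension not allowed")
    if kind is None:
        return (False, "unrecognised content")
    if ALLOWED_EXT[ext] != kind:
        return (False, "extension/content mismatch")
    return (True, kind)


if __name__ == "__main__":
    # Constructed sample uploads: only the leading bytes matter to the check.
    samples = [
        ("avatar.swf", b"CWS\x08" + b"\x00" * 16),
        ("avatar.gif", b"FWS\x08" + b"\x00" * 16),  # Flash renamed to .gif
        ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("avatar.jpg", b"GIF89a" + b"\x00" * 16),
    ]
    for name, blob in samples:
        print(name, check_avatar(name, blob))
```

A signature check only decides what the file claims to be; re-encoding accepted images server-side is the stronger control.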