Author

Topic: The forum has a bug. (Read 1359 times)

sr. member
Activity: 462
Merit: 250
May 02, 2015, 05:22:38 PM
#20
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

Behold!! Inappropriate negative trust incoming on your account. I guess its not your fault if it does come.
https://bitcointalksearch.org/topic/quickseller-gave-me-a-negative-trust-without-considering-any-possibility-1035687
hero member
Activity: 658
Merit: 500
May 02, 2015, 12:57:03 PM
#19
I give you permission to attack my account. It's not like Google servers will die anytime soon.
legendary
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
May 02, 2015, 10:48:19 AM
#18
I think what he said is true. Tried ~10+ times and all the time it showed reset email was sent. A time limit should be set IMHO.

I remember what happened to me some months ago, i was not so active and it was soon when i got active but when i got back i had forgotten my password and i reset it by email but at first i did not received any email, and to my surprise same followed for next 2 times. after it i got the mail and i successfully rest my password. So it'll be a little problem to have a limit but a 5 minute limit should not hurt , looking at the spamming function it can be used for.
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
May 02, 2015, 10:48:12 AM
#17
Even if it is true,  it is not a bug.
It is an unintended behavior which SMF developers haven't thought of addressing yet.

Maybe this was never found to be a trouble maker and nobody thought of addressing it.

But i am sure if there is a way for theymos to address this,  he would certainly do it if you bring this to his attention.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
May 02, 2015, 10:38:45 AM
#16
I think what he said is true. Tried ~10+ times and all the time it showed reset email was sent. A time limit should be set IMHO.
legendary
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
May 02, 2015, 10:35:43 AM
#15
why is you people bothering with loser bug kid. let him go play in the dirt and find some real bugs with shells and wings and lots of feet.

You are the real hacker ? ... if i really want to bother then i do a denial of service (i know how to dos a SMF forum, you are reading this post because i am not dosing the forum). you don't care if your email is full of spam?
 and good bye, i don't need this stupid forum, full of ogres.

The problem with the forum is when any newbie tries to be funny or off-topic , he is considered as Spammer or Troll . This has happened because of the rapidly increasing Shill's and Signature Campaign Spammers. Some people just do post anything for Signature .
You might think that this is a major bug but no one thinks it that way , it can't be changed and i don't thing someone have time to email spam anyone.
Even if they do , Theymos won't change it now , would he ? It would lead to problem if someone actually forget his/her password and then email don't go through , he'll be stuck for say 5 minute limit ? Undecided
About the part of doing a DoS attack , Good luck if you are going to try one . I don't think it's that easy since theymos took some good security measures after the last one and if by chance you succeed that'll be good too as he'll then implement better Security.
newbie
Activity: 10
Merit: 0
May 02, 2015, 10:26:31 AM
#14
why is you people bothering with loser bug kid. let him go play in the dirt and find some real bugs with shells and wings and lots of feet.

You are the real hacker ? ... if i really want to bother then i do a denial of service (i know how to dos a SMF forum, you are reading this post because i am not dosing the forum). you don't care if your email is full of spam?
 and good bye, i don't need this stupid forum, full of ogres.
sr. member
Activity: 265
Merit: 250
May 01, 2015, 10:25:12 PM
#13
why is you people bothering with loser bug kid. let him go play in the dirt and find some real bugs with shells and wings and lots of feet.
legendary
Activity: 3542
Merit: 1352
May 01, 2015, 02:21:23 PM
#12
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 ip. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

If it helps the forums why it is scam?

I already knew this bug, that is all. You don't will find this bug in google!, i found it by myself.

How could that be a "bug"? If it is one, then PM theymos regarding this "bug" and you might receive more than what you've asked for in this thread.
legendary
Activity: 1778
Merit: 1043
#Free market
May 01, 2015, 08:25:43 AM
#11
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 ip. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

If it helps the forums why it is scam?

I already knew this bug, that is all. You don't will find this bug in google!, i found it by myself.


Have you sent a PM to theymos? if this is a bug I am sure he will send you a 'good bounty', maybe check also this thread: https://bitcointalksearch.org/topic/security-bounties-309785  (the rules part).
newbie
Activity: 10
Merit: 0
May 01, 2015, 08:12:11 AM
#10
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 ip. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.

If it helps the forums why it is scam?

I already knew this bug, that is all. You don't will find this bug in google!, i found it by myself.
copper member
Activity: 2996
Merit: 2374
May 01, 2015, 08:08:26 AM
#9
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 ip. And the developers don't think that it is a bug XD.
Well considering that you are asking for ~$1.60 worth of Bitcoin, I somewhat doubt that you have put any kind of effort into this.

It honestly sounds more like a donation scam to me.
newbie
Activity: 10
Merit: 0
May 01, 2015, 08:05:06 AM
#8
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.

I know the SMF forums, you don't need more than 1 ip. And the developers don't think that it is a bug XD.

And as i said i can prove it. who wanna test?
copper member
Activity: 2996
Merit: 2374
May 01, 2015, 08:00:05 AM
#7
I think you can only attempt to reset one password per 45 second period (based on IP address). So unless you have access to a large number of IP addresses then this would probably not actually work.
newbie
Activity: 10
Merit: 0
May 01, 2015, 07:53:33 AM
#6
Yes, earntomorrow is scam, Vod sorry, sorry all.

I found an exploitable bug.

The bug is here (The password reminder function can be used as an email bomber)

https://i.imgur.com/TJJxA1h.png

Do you understand?





If i helped the forum then please give me 0.007 BTC Thanks you!




BTC ADDRESS

157si98weemtesVxpAxzYEHRxLwnEZiKVa




You can't certainly know whose email it is . THe email's are hidden , so you can't just bomb on a individual email but something random , but you're looking to bomb / spam a certain user , than  i think it is possible.
Did you tried it ? I think it won't send more than 1-2 emails Undecided

It says "Username/Email", you can use the username and you don't need to know his email. You can to spam any user.

You can send  thousands of emails.

I can prove it, i have an exploit in python.
legendary
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
May 01, 2015, 05:29:33 AM
#5
Yes, earntomorrow is scam, Vod sorry, sorry all.

I found an exploitable bug.

The bug is here (The password reminder function can be used as an email bomber)



Do you understand?





If i helped the forum then please give me 0.007 BTC Thanks you!




BTC ADDRESS

157si98weemtesVxpAxzYEHRxLwnEZiKVa




You can't certainly know whose email it is . THe email's are hidden , so you can't just bomb on a individual email but something random , but you're looking to bomb / spam a certain user , than  i think it is possible.
Did you tried it ? I think it won't send more than 1-2 emails Undecided
sr. member
Activity: 350
Merit: 250
Scat The Billionaire
April 30, 2015, 11:52:25 PM
#4
yes AFAIK you are more big bug than another bugs lololol
sr. member
Activity: 265
Merit: 250
April 30, 2015, 10:16:19 PM
#3
you are the biggest bug here now bugger off!  Cheesy
newbie
Activity: 10
Merit: 0
April 30, 2015, 10:15:20 PM
#2
Bug #2

"Database stresser"

Yeah, i found a bug that can to stress the database.
newbie
Activity: 10
Merit: 0
April 30, 2015, 08:57:55 PM
#1
Yes, earntomorrow is scam, Vod sorry, sorry all.

I found an exploitable bug.

The bug is here (The password reminder function can be used as an email bomber)

https://i.imgur.com/TJJxA1h.png

Do you understand?





If i helped the forum then please give me 0.007 BTC Thanks you!




BTC ADDRESS

157si98weemtesVxpAxzYEHRxLwnEZiKVa


Jump to: