Delete profile comments on anyone's profile made by anyone

[Blaze]

So I just discovered this by accident because I wanted to delete a comment I had made on someone's profile.

I used the postman addon for chrome.

You take the base url for deleting comments on profiles:

gaiaonline.com/p/xxxxxx/?mode=deletecomment&cid=xxx

insert the commentid and the user id in the x's. (you can find the cid if you hover over the "report post" link, and it will have the userid_cid (ex. gaiaonline.com/gaia/report.php?r=30&rpost=999999_99)

Then, go into postman and put the url together in there. Then click the dropdown box to the right, and select "post".

Form should appear below with "key" and "value"

Under key, put "submit". Under value, put "Yes".

Comment will be deleted. You can use this to delete a comment made by anyone on anyone's profile. You could go to an admin's page if you wanted to and delete all the comments off of their profile.

Not sure how useful this would be to others, but it was entertaining, so I figured I would share.

[Kingz V]

+rep nice post

[GAMEchief]

This sounds very insecure, and even the most basic of security should block it, so I'm curious if it works.

[Blaze]

This sounds very insecure, and even the most basic of security should block it, so I'm curious if it works.

It works. I know it works, because I did it. Just try it

[The Unintelligible]

Interesting discovery. I don't play gaia anymore but even if (or when rather) this gets patched, the method behind doing this is still pretty useful info.

+rep

[Omlett]

Interesting discovery. I don't play gaia anymore but even if (or when rather) this gets patched, the method behind doing this is still pretty useful info.

+rep

Maybe if you can force comments to delete you can force other actions too.

[tantantan]

Maybe if you can force comments to delete you can force other actions too.

Shall we begin to test this theory?

[Blaze]

Maybe if you can force comments to delete you can force other actions too.

That's what I was wondering. Haven't figured out what I want to test yet, though.

[Omlett]

That's what I was wondering. Haven't figured out what I want to test yet, though.

Try to force accept trade for another person is the first thing that came to my mind.

[A terrible taste]

That's what I was wondering. Haven't figured out what I want to test yet, though.

I wonder if you can delete forum post that other users made as well.

Also, have you tried to edit comments by doing the same thing?

either way, impressive find.

[Zerovirus]

Omlett beat me to it, but I was thinking the same thing. That could possibly be imitated for forums, though it might not work since (as far as I know), posts aren't given a userid.

It could be even possible to force purchases of items without losing any gold on your side, but having the gold delivered to the seller. Maybe. I'm just spitballing.

[Kitsune]

Hate to shoot you guys down but a few years ago someone found a similar exploit with the Art Arenas in Gaia.
So it could possibly still work with that, but forcing trades/market/forum actions more than likely won't work.

[Izaya]

Was this never patched? Cos fairly sure it was abused all to hell ages ago by several people from another forum I used to be a part of.

[Blaze]

Doesn't work with forums, throws a permissions error page out.

Haven't tried it with anything else yet.

[Zerovirus]

Has anyone figured out if this extends to any other areas rather than comments?

I did try trades and marketplace purchases, but nothing happens.

[Kitsune]

Has anyone figured out if this extends to any other areas rather than comments?

I did try trades and marketplace purchases, but nothing happens.

Hate to shoot you guys down but a few years ago someone found a similar exploit with the Art Arenas in Gaia.
So it could possibly still work with that, but forcing trades/market/forum actions more than likely won't work.

^

[Lysergic Delights]

+rep. I've known about this for years and finally somebody else found it, congrats. I wrote a php script to do it for you and a ruby one at one point.

Was this never patched? Cos fairly sure it was abused all to hell ages ago by several people from another forum I used to be a part of.

Nah it was never patched I was the only one really using it. But hey, you remember the php script I wrote I'm sure.

[ZeroSan]

Hate to shoot you guys down but a few years ago someone found a similar exploit with the Art Arenas in Gaia.
So it could possibly still work with that, but forcing trades/market/forum actions more than likely won't work.

I was that "someone" who found the similar exploit for the Art Arenas.
I posted it on EBU many years ago, and Larry (I believe that was his name) volunteered to make it on a some command line program for me.

Anyways, congrats OP for figuring it out.

[The Unintelligible]

I was that "someone" who found the similar exploit for the Art Arenas.
I posted it on EBU many years ago, and Larry (I believe that was his name) volunteered to make it on a some command line program for me.

Anyways, congrats OP for figuring it out.

LOL @ Larry. Larry as in Larry Bird, eh?

Anyways, name was Lan, but yeah I remember making that program for you a while ago. I got banned a few times while testing it (lol) but I suppose it was worth it for the end product.

I kinda remember you. What brings you to LG?

[iAMCEEJAY]

Lol I think this has been patched

[Dhacker]

ow