LinkBack URL
About LinkBacksI wouldn't really call it a vulnerability, but more like a way for people to gain information about our forum and see different forums for them to try to exploit.
First, go to any of these links.
and now try this link:Code:http://forum.logicalgamers.com/donators/ http://forum.logicalgamers.com/moderators/ http://forum.logicalgamers.com/administrators/ http://forum.logicalgamers.com/recycle-bin/
The "trash bin" link doesn't exist. See how you can tell what forums do and don't exist, even if you don't have access to them?Code:http://forum.logicalgamers.com/trash-bin/
This is just an example using the trash forum, but say they wanted to find the name of our admin forums because of some kewl neu exploeet.
All they would have to do is see which pages return the "You don't have permission" page, and which return our custom 404 page.
I think we should make forums that users don't have access to redirect to our 404 page instead, just to be safe.
Like I said before though, this is just a thought, it's not like we're going to get hacked because of it or something lol. Just increasing overall site security.
What do you guys think?
Results 1 to 10 of 10
Thread: Mini-vulnerability
- 02 Mar. 2013 03:29am #1Banned Epic
- Join Date
- Apr. 2010
- Location
- When freedom is outlawed only outlaws will be free
- Posts
- 5,113
- Reputation
- 195
- LCash
- 0.25
- Awards
Mini-vulnerability
- 02 Mar. 2013 03:38am #2
Doesn't look like an exploit
I'm lightning on my feet
- 02 Mar. 2013 05:37am #3
hey sweet sig yo'
Originally Posted by The Unintelligible 
- 02 Mar. 2013 05:39am #4
Ye. It's just a temporary thing. Never took it off when I was trying to troubleshoot your issue.
Too lazy/apathetic to remove it currently.I'm lightning on my feet
- 02 Mar. 2013 05:40am #5 well dont remove it Originally Posted by The Unintelligible
i'll be sad
- 02 Mar. 2013 05:42am #6 Then you Use it. (ha, get it, Use it?) Originally Posted by Use
But yeah, I definitely cannot sport this sig forever. Sorry.I'm lightning on my feet
- 02 Mar. 2013 05:43am #7 i'm lolling Originally Posted by The Unintelligible
you'll rue the day you change your sig
- 02 Mar. 2013 05:44am #8 >mfw Originally Posted by Use
I'm lightning on my feet
- 02 Mar. 2013 05:47am #9
- 02 Mar. 2013 07:14am #10Administrator
- Join Date
- May. 2012
- Location
- Alabama
- Posts
- 7,717
- Reputation
- 363
- LCa$h (Rank 1)
- 0.86
- Awards
-
So yeah, anyway. It's not an exploit. It does absolutely no harm for anyone to know what the admin forum name is. Le end.
E-Mail: charlesstover@charlesstover.com / Text: (920) 786-8379 / Steam: GAMEchief
Originally Posted by Drakonid Originally Posted by La Vie Cruelle 
