Tweet
bypass registration? hacked registration process?
Installed version: vBulletin 3.8.6 Patch Level 1
PHP version: 5.2.17
Apache2
Safe Mode Enabled
Users are able to register, aparently through some hack,. not clear on what exactly,. I'm looking the the 8646&i and wondering if this is where the hack is:
The user registered twice today:
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:29:08 +0300] "POST /forums/register.php?do=register HTTP/1.0" 200 28176 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:29:09 +0300] "POST /forums/register.php?do=addmember HTTP/1.0" 200 16154 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:32:20 +0300] "GET /forums/register.php?a=act&u=8646&i=8bf0c49d84c51b1c1fc2b9eb76c642e592a4a018 HTTP/1.0" 200 30235 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:38:25 +0300] "POST /forums/login.php?do=login HTTP/1.0" 200 13812 "-" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"
myforum.tld.log:92.241.169.160 - - [20/May/2011:02:53:21 +0300] "POST /forums/register.php?do=register HTTP/1.0" 200 28176 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:02:53:30 +0300] "POST /forums/register.php?do=addmember HTTP/1.0" 200 16151 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:03:56:25 +0300] "GET /forums/register.php?a=act&u=8645&i=07dc0936872833f24e65804528df16320ead39f4 HTTP/1.0" 200 30234 "-" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"
myforum.tld.log:92.241.169.160 - - [20/May/2011:08:45:59 +0300] "POST /forums/login.php?do=login HTTP/1.0" 200 13811 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
Is this a bug? Is this being handled in later versions?
Thanks,
-Sup.
PHP version: 5.2.17
Apache2
Safe Mode Enabled
Users are able to register, aparently through some hack,. not clear on what exactly,. I'm looking the the 8646&i and wondering if this is where the hack is:
The user registered twice today:
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:29:08 +0300] "POST /forums/register.php?do=register HTTP/1.0" 200 28176 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:29:09 +0300] "POST /forums/register.php?do=addmember HTTP/1.0" 200 16154 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:32:20 +0300] "GET /forums/register.php?a=act&u=8646&i=8bf0c49d84c51b1c1fc2b9eb76c642e592a4a018 HTTP/1.0" 200 30235 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
myforum.tld.log:92.241.169.160 - - [20/May/2011:11:38:25 +0300] "POST /forums/login.php?do=login HTTP/1.0" 200 13812 "-" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"
myforum.tld.log:92.241.169.160 - - [20/May/2011:02:53:21 +0300] "POST /forums/register.php?do=register HTTP/1.0" 200 28176 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:02:53:30 +0300] "POST /forums/register.php?do=addmember HTTP/1.0" 200 16151 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
myforum.tld.log:92.241.169.160 - - [20/May/2011:03:56:25 +0300] "GET /forums/register.php?a=act&u=8645&i=07dc0936872833f24e65804528df16320ead39f4 HTTP/1.0" 200 30234 "-" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"
myforum.tld.log:92.241.169.160 - - [20/May/2011:08:45:59 +0300] "POST /forums/login.php?do=login HTTP/1.0" 200 13811 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
Is this a bug? Is this being handled in later versions?
Thanks,
-Sup.
Comment