

found a serious bug (please , do not exploit to get frih$)





mahirh
I was just trying to add links in posts and I found a stupid bug: the points system processes the posts and assigns points before the BBCode is allowed to run on the post. As a result, this happens

Quote:
Code:
Your message has been entered successfully.
You earned 4.8756 Points, 4.8756 FRIH$ for that post

Click Here to view your message

Click Here to return to the forum
 

even if what you typed was
Quote:
Code:

[url=http://www.google.net/]excellent , i love it[/url]
[size=0][url=http://viewpure.com/en&safe=active#sclien
t=psy&hl=en&safe=active&site=web
hp&q=ffffffffffffffffffffffffffffffffffffffffffff
ffffffffffinde+the+gorri+++fd&aq=f&aqi=&aql=&oq=&gs_rfai=&
pbx=1&fp=fbb9e82777227709/]excellent , i love it[/url][/size]

which may render as
Quote:

excellent , i love it
excellent , i love it

which looks like a small one-liner, but it yields them more than 5 points.
These points are converted into coins, and this bug can make getting coins easier, which may lead to Frihost going bust. Moderators, look out.
(Note: I posted this publicly only because I did not know who to report it to; I have not used it yet.)
Bondings
There are a lot of exploits that can be used to gain points/frih$/coins that are similar to what you described. However, they are obviously not allowed and can get a user warned and even banned in some cases.

And yes we aren't able to spot those things by reading normal posts, but it gets noticed by quoting or editing a post. So even if a user gets away with it for some time, in the end it will be caught.
Blaster
Exactly like Bondings said, if you quote their post or a MOD goes to edit their post it would get noticed. Quoting is so common on these forums that in the long run someone would end up seeing it and would most likely report them to a moderator in some sort of fashion.
mahirh
But if it is an image, you cannot find it by quoting.
Ghost Rider103
Even if it's in an img tag you should still be able to view it by quoting. Quoting someone's post will quote exactly what they write on the "reply" page. You won't be able to see it on the actual thread, but when you go to quote their post to write your own you will definitely see it.
meep
Yes, but the problem with an image is that you can give it a really long name (like 100-200 characters) and exploit that to get frih$. For example, you could do "http://www.photobucket/albums/long_album_name/_long_image_name.jpg"
and it would still look legit.
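
An added illustration of the fix side of this thread, not written by any poster and not Frihost's or phpBB's code: score the text a reader actually sees instead of the raw BBCode, and flag posts that are mostly markup so a moderator looks at the source. The length-based scoring model, the 0.7 threshold, the sample post and all function names are assumptions.

```python
import re

# Constructed sample modelled on the post quoted in the thread (URL replaced).
SAMPLE = (
    "[url=http://www.google.net/]excellent , i love it[/url]\n"
    "[size=0][url=http://example.invalid/" + "f" * 120 + "]"
    "excellent , i love it[/url][/size]"
)

# Blocks whose content the reader never sees as text:
# zero-size text and the URL inside an [img] tag.
HIDDEN = re.compile(r"\[size=0\].*?\[/size\]|\[img\].*?\[/img\]", re.I | re.S)
# Any remaining tag together with its attribute, e.g. [url=http://...] or [/b].
TAG = re.compile(r"\[/?[a-z*]+(?:=[^\]]*)?\]", re.I)


def visible_text(raw: str) -> str:
    """Return roughly what a reader sees once the BBCode has been rendered."""
    text = HIDDEN.sub("", raw)
    text = TAG.sub("", text)
    return re.sub(r"\s+", " ", text).strip()


def scored_length(raw: str) -> int:
    """Length a points system should score: visible characters only."""
    return len(visible_text(raw))


def markup_ratio(raw: str) -> float:
    """Share of the raw post that is markup or hidden content (0.0 to 1.0)."""
    if not raw:
        return 0.0
    return 1 - scored_length(raw) / len(raw)


def needs_review(raw: str, threshold: float = 0.7) -> bool:
    """Flag posts that are mostly markup so a moderator can check the source."""
    return markup_ratio(raw) >= threshold


if __name__ == "__main__":
    print(len(SAMPLE), scored_length(SAMPLE), round(markup_ratio(SAMPLE), 3))
    print(needs_review(SAMPLE))
```

The ratio check covers the long image URL case raised above as well, since everything inside `[img]` is treated as non-visible.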
© 2005-2011 Frihost, forums powered by phpBB.