AntiOnline Addicts information disclosure
Results 1 to 6 of 6

Thread: AntiOnline Addicts information disclosure

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    557

    AntiOnline Addicts information disclosure

    Hi

    "Members <250 posts" know that there
    is a forum called AntiOnline Addicts, however the
    posts are not accessible. Fine with me,
    of course.

    However, I am a bit puzzled that I get
    information about thread-titles like
    "Windows 2000 Server Password Cracking" using either the search engine, the "last 20 posts by username" and/or "all posts by username".

    I just wanted to report that issue -
    it looks like some inconsistency in the
    security measures to me.
    Maybe it's just a feature

    Cheers.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    There are many way's that non-addict's can view information and threads in the Addict's forum. It isn't really a bug per-se, but more a method/way to do so without being granted actual access.
    Space For Rent.. =]

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Seeing the actual thread is hard but the rest, pretty easy
    -Simon \"SDK\"

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    SDK: Actually, seeing the whole thread is easy.. it's seeing the whole forum which is tricky. Even that though can be done.
    Space For Rent.. =]

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Really? Does mnstrgrl know what and plan to fix it?
    -Simon \"SDK\"

  6. #6
    Administrator mnstrgrl's Avatar
    Join Date
    Feb 2003
    Posts
    512
    I've plugged a lot of holes for access to the addicts forum, but it seems like new ones pop up all the time. Thread titles I'm not so concerned about, but I'd like to keep members w/o access from reading whole threads. If you guys want to be helpful, you can PM me the methods you've uncovered, and I can look into plugging them.

    thanks
    - h
    I'm not mean. You're just a sissy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •