Bug Username change item can be exploited

Status
Not open for further replies.
Hello Jeremy,

This ticket has now been closed with the status Cannot Reproduce.

We hope your issue or question has been addressed to your satisfaction. If not, please feel free to re-open it by clicking this link.

If you have any further issues or questions, please feel free to start a new support ticket via the button at the top of every page.

Thank you!
 
Did you try the way I was able to reproduce it? It seemed to work pretty easily and instantly most of the time, so I was just wondering since I wasn't able to try it on another forum. I just don't see how it could act differently on my forum only.
 
I did, and I just tried it again and I'm unable to replicate this issue, sorry :(

If this was a common problem, chances are we'd have more reports of this issue happening at any point over the years.
 
Just curious, how does it determine if the item can't be configured again? At first I thought it was if the dbtech_vbshop_purchase row had something in the configuration column, but I guess that's not it. Thanks.
 
Jeremy said:
Just curious, how does it determine if the item can't be configured again? At first I thought it was if the dbtech_vbshop_purchase row had something in the configuration column, but I guess that's not it. Thanks.
Click to expand...
If the configuration column is something other than NULL, it's considered configured.
 
That's what I figured at first, but this is from testing on my test forum.

This is the row in the database:
fudGM8z.png


This is my account's (userid 1) inventory, the item at the bottom is the item (featureid 16).
va9bqQG.png
 
I'll need access to that account as well as an FTP account in order to look into this further.
 
The problem is that the serialized code is invalid. It says the string "test123" is 9 characters long, which is not true. That causes the validation to fail, and the item to revert to un-configured.

Was it you who configured the item in the first place?
 
In this case, I just placed that string in the table because I was trying to figure out how it decides when it can't be configured anymore. In previous tests, when I used the actual exploit trick, I thought the configuration column still had a string in it, but now I'm not sure.

For some reason, it now seems much easier to reproduce on my actual forum than my test forum. I'm not sure if that's because there are a lot more names for it to look through when checking availability. Maybe that's why it happens?
 
How many users do you have on your forum? You can run
Code: 
SELECT COUNT(*) FROM user
(remember your table prefix) to get the real figure, the vB statistics may be incorrect.
 
Hello Jeremy,

This ticket has now been closed with the status Cannot Reproduce.

We hope your issue or question has been addressed to your satisfaction. If not, please feel free to re-open it by clicking this link.

If you have any further issues or questions, please feel free to start a new support ticket via the button at the top of every page.

Thank you!
 
Status
Not open for further replies.

Similar threads

A
  • Locked
  • Support ticket
Question Item purchase button
Tags
problem vbshop
Replies
7
Views
2K
DragonByte Technologies
DragonByte Technologies
B
  • Locked
  • Support ticket
Question Link to a Tab or Item
Replies
2
Views
2K
DragonByte Technologies
DragonByte Technologies
J
  • Locked
  • Support ticket
Bug Username change item doesn't allow symbols?
Tags
item numbers registration symbols username
Replies
3
Views
821
Fillip H.
Fillip H.
E
  • Locked
  • Support ticket
Question How to embed item
Tags
4.2.x] embed item vbraw [vb
Replies
6
Views
1K
DragonByte Technologies
DragonByte Technologies
nte
  • Locked
  • Support ticket
Bug Purchasable/Giftable Usergroup change Item
Replies
0
Views
493
nte
nte

Legacy vBShop

vBulletin 3.8.x vBulletin 4.x.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
1,260
Customer rating
0.00 star(s) 0 ratings
Back
Top