View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000264 | XMB1 | Bugs | public | 2009-01-23 17:52 | 2009-02-05 07:13 |
| Reporter | miqrogroove | Assigned To | miqrogroove | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.9.8 SP2 | ||||
| Target Version | 1.9.11 | Fixed in Version | 1.9.11 | ||
| Summary | 0000264: XMB Forum User Impersonation - 2006-04-15 | ||||
| Description | It is possible to register a new account that appears to have an identical username to an existing account and make posts, "U2U" messages, and other actions from this account. Staff Note: Although this is entirely dependent on the character set employed in the XMB translation system, the ISO 8859 family involved here is commonly used, so a charset-based filter may be reasonable. | ||||
| Steps To Reproduce | On a Windows machine - if using another you'll need to figure out how to insert ASCII characters by their decimal code - click registration link, and fill out form to satisfy any/all CAPTCHA requirements and others such as email. In the username box, enter the username you wish to impersonate. Move before, after, or anywhere in between the username, hold "alt" key and tap 0173. This inserts a soft hyphen character, which is not visible in either MSIE or Mozilla (latest versions), I haven't checked other browsers. Complete registration as normal, and set as much of the profile stuff (avatar, et cetera) to match original user. Post inflamatory remarks. | ||||
| Additional Information | https://www.hungryhacker.com/advisories/xmb_20060415_01.html | ||||
| Tags | No tags attached. | ||||
| MySQL Version | |||||
| PHP Version | |||||
| Web Server | |||||
| Browser | Firefox | ||||
| Flags | |||||
| Original Reporter | |||||
| SVN Revision | 1685 | ||||
| related to | 0000277 | closed | miqrogroove | New Usernames Need to be Trimmed |
| related to | 0000486 | closed | miqrogroove | The set of non-printing chars should include consecutive spaces |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2009-01-23 17:52 | miqrogroove | New Issue | |
| 2009-01-23 17:52 | miqrogroove | Browser | => Firefox |
| 2009-01-23 20:05 | miqrogroove | SVN Revision | => 1685 |
| 2009-01-23 20:05 | miqrogroove | Status | new => resolved |
| 2009-01-23 20:05 | miqrogroove | Fixed in Version | => 1.9.11 |
| 2009-01-23 20:05 | miqrogroove | Resolution | open => fixed |
| 2009-01-23 20:05 | miqrogroove | Assigned To | => miqrogroove |
| 2009-02-05 07:13 | miqrogroove | Status | resolved => closed |
| 2009-02-18 08:35 | miqrogroove | Relationship added | related to 0000277 |
| 2012-01-05 18:05 | miqrogroove | Relationship added | related to 0000486 |
