Lookism - Aesthetics, Black Pill, and Masculinity Discussion
[JFL] Stop using .org (Vulnerability) - Printable Version



RE: Stop using .org (Vulnerability) - Nati - 07-02-2025

(07-02-2025, 03:47 PM)TRUE_CEL Wrote:
(07-02-2025, 03:45 PM)Nati Wrote:
(07-02-2025, 03:44 PM)TRUE_CEL Wrote:
(07-02-2025, 03:34 PM)SubhumanEyes Wrote:
(07-02-2025, 03:25 PM)TRUE_CEL Wrote: Well well well, what do we have here, folks?

wallah tell that nigga numbthepain to unban me from .com ...i did nuffin wrong

You know, if it was anyone other than Numby, I could have maybe convinced them to unban you, but this is NumbThePain we're talking about. He's like, my bestie. I support him through thick and thin, even if I don't agree with his decisions (9 out of 10 times I agree with his decisions). Unfortunately, I cannot help you out with this.

even doe xe's literally always on a power trip

I don't think he's power-tripping, you were banned over the repbotting, weren't you? In the beginning, it was only avdkek or however you write his name, but since it was the first case, we weren't exactly sure of how to handle the repbotting issue. Now I guess that's evolved into just permanently banning users for it.

I(Naticel on .org) was banned for being an alt even doe i literally proved that i wasnt, now i am hardbanned(i cannot even check new threads) with no reason(it only says 'reason:do not unban.') and i think i got banned on .com for making a grown man seethe


RE: Stop using .org (Vulnerability) - Greypiller - 07-02-2025

(07-02-2025, 04:19 PM)Nati Wrote:
(07-02-2025, 03:47 PM)TRUE_CEL Wrote:
(07-02-2025, 03:45 PM)Nati Wrote:
(07-02-2025, 03:44 PM)TRUE_CEL Wrote:
(07-02-2025, 03:34 PM)SubhumanEyes Wrote: wallah tell that nigga numbthepain to unban me from .com ...i did nuffin wrong

You know, if it was anyone other than Numby, I could have maybe convinced them to unban you, but this is NumbThePain we're talking about. He's like, my bestie. I support him through thick and thin, even if I don't agree with his decisions (9 out of 10 times I agree with his decisions). Unfortunately, I cannot help you out with this.

even doe xe's literally always on a power trip

I don't think he's power-tripping, you were banned over the repbotting, weren't you? In the beginning, it was only avdkek or however you write his name, but since it was the first case, we weren't exactly sure of how to handle the repbotting issue. Now I guess that's evolved into just permanently banning users for it.

I(Naticel on .org) was banned for being an alt even doe i literally proved that i wasnt, now i am hardbanned(i cannot even check new threads) with no reason(it only says 'reason:do not unban.') and i think i got banned on .com for making a grown man seethe

i will organize a com raid soon with @Filler , dont worry


RE: Stop using .org (Vulnerability) - Nati - 07-02-2025

(07-02-2025, 04:22 PM)Greypiller Wrote:
(07-02-2025, 04:19 PM)Nati Wrote:
(07-02-2025, 03:47 PM)TRUE_CEL Wrote:
(07-02-2025, 03:45 PM)Nati Wrote:
(07-02-2025, 03:44 PM)TRUE_CEL Wrote: You know, if it was anyone other than Numby, I could have maybe convinced them to unban you, but this is NumbThePain we're talking about. He's like, my bestie. I support him through thick and thin, even if I don't agree with his decisions (9 out of 10 times I agree with his decisions). Unfortunately, I cannot help you out with this.

even doe xe's literally always on a power trip

I don't think he's power-tripping, you were banned over the repbotting, weren't you? In the beginning, it was only avdkek or however you write his name, but since it was the first case, we weren't exactly sure of how to handle the repbotting issue. Now I guess that's evolved into just permanently banning users for it.

I(Naticel on .org) was banned for being an alt even doe i literally proved that i wasnt, now i am hardbanned(i cannot even check new threads) with no reason(it only says 'reason:do not unban.') and i think i got banned on .com for making a grown man seethe

i will organize a com raid soon with @Filler , dont worry
It'd be tuff if inceltears got off their asses and instead of seething at .org threads they'd actually do something


RE: Stop using .org (Vulnerability) - Lookism - 07-02-2025

(07-02-2025, 10:48 AM)Filler Wrote: Hello FEMBOYS and GENTLEMANS, today we will be discussing a vulnerability I found in larmacussmall.org!

I don't know if this vulnerability fits into SSRF (server-side request forgery) or information disclosure.

So basically the proxy.php (PHP file that proxies external content) appears to:
1. Send a proxied request to the external content (to cache it)
2. When a user loads up on a page with the image, instead of their request going through proxy.php, it goes through unproxied
NOTE: This is only a speculation I made while looking at the site through Burp Suite

Therefore, by opening a user profile / opening a thread with malicious replies, the attackers have your:
- User agent (browser information)
- IP (internet a.. yeah you know what this is)

This is probably going to be fixed soon due to this thread (also the exploit is very inconsistent)

Don't worry, I'm currently testing .org, I will let you guys know about other findings

I saw other MyBB forums being targeted by this type of attack recently, though MyBB refuses to patch it (by default) as you can fix it by enabling an option in the AdminCP.

As for Looksmax.org, I believe it's one of these options:
a) Misconfigured proxy.php

b) If the image fails to load (that's the case in the screenshot posted) then XenForo assumes that proxy.php is broken, and stops proxying the image URL.

c) Since the forum uses Cloudflare's CDN, the CDN maybe caches the original image URL instead of the proxy one.
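
A defender-side check for the behaviour discussed in this post, as an added example that is not part of the thread: it scans rendered post HTML for `<img>` URLs that a browser would fetch directly instead of through `proxy.php`. The host `forum.example`, the `image`/`hash` query parameters and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FORUM_ORIGIN = "https://forum.example/"  # constructed forum host (assumption)
PROXY_PATH = "/proxy.php"                # script named in the post; location assumed

class ImgCollector(HTMLParser):
    """Collect every URL a browser may fetch for an <img>: src and srcset."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        for name, value in attrs:
            if name == "src" and value:
                self.urls.append(value.strip())
            elif name == "srcset" and value:
                # "url 1x, url 2x": keep the URL of each candidate
                self.urls += [c.split()[0] for c in value.split(",") if c.strip()]

def classify(url):
    """Return 'inline', 'local', 'proxied' or 'direct' for one image URL."""
    parts = urlsplit(urljoin(FORUM_ORIGIN, url))
    if parts.scheme == "data":
        return "inline"                  # no network request at all
    if parts.netloc == urlsplit(FORUM_ORIGIN).netloc:
        return "proxied" if parts.path == PROXY_PATH else "local"
    return "direct"                      # browser contacts the third party itself

def audit(html):
    """List image URLs in rendered HTML that bypass the forum's proxy."""
    collector = ImgCollector()
    collector.feed(html)
    return [urljoin(FORUM_ORIGIN, u) for u in collector.urls if classify(u) == "direct"]

# Constructed sample of a rendered post, not captured from any real forum.
SAMPLE = """
<img src="/proxy.php?image=https%3A%2F%2Fimg.thirdparty.example%2Fa.png&amp;hash=0000">
<img src="/data/avatars/m/0/1.jpg">
<img src="https://img.thirdparty.example/b.png">
<img src="/proxy.php?image=x&amp;hash=0000" srcset="//img.thirdparty.example/c@2x.png 2x">
<img src="data:image/gif;base64,R0lGOD">
"""

if __name__ == "__main__":
    for leaked in audit(SAMPLE):
        print("unproxied image:", leaked)
```

Running the audit against pages rendered both before and after a proxied image fails to load would show whether the fallback described in option (b) is what exposes the direct URL.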


RE: Stop using .org (Vulnerability) - Greypiller - 07-04-2025

(07-02-2025, 03:54 PM)TRUE_CEL Wrote:
(07-02-2025, 03:51 PM)Greypiller Wrote:
(07-02-2025, 03:49 PM)TRUE_CEL Wrote:
(07-02-2025, 03:47 PM)Greypiller Wrote:
(07-02-2025, 03:41 PM)TRUE_CEL Wrote: I wasn't going to. But eh, I think it's probably better if I did. However, since I only came to know about this thanks to you, I'll wait for you to give me the green light. It's the least I owe you. I don't, however, think that Master would be in the position to give any monetary handouts, since he isn't making enough money to keep a decent profit, I think. I feel like the revenue he's getting is exactly the amount he needs to pay for the server costs.
why would he host on cloudflare tho , there are a lot of better alternatives which are cheaper and are immune to takedowns
I honestly don't know, maybe it's because of what he's used to? I don't really talk to Master. He's more behind-the-scenes, when he's on the forum, he mainly lurks and he doesn't really post in the Staff PM. He recently JFL'd one of my posts there, hehe.

i mean since im assuming master is a tech guy here, he did some things seriously wrong in the server configuration which is why the site goes down so often . @Filler actually applied to be mod and fix the site a few months ago but numb said no i guess any greypiller,kaligula or dxd crew association gets you instantly on the no mod list JFL

Tbh, I was under the impression that Master wasn't directly responsible for the coding, but I could be wrong. I never asked him. As for mods, we generally do a background check. Problematic users aren't going to be part of the team, and if they do manage to get inside, then sooner or later they'll be demoted again. ;P

after discussing with @Lookism you're eligible for a trial moderator , welcome to the family.