Incline Friendly advice - upgrade your forum software

[jcd]

According to the copyright at the bottom of the page, the version you're running is from 2019.

In 2020, a vulnerability in Xenforo 2.1 was patched, which involved XSS in content approval queue: https://xenforo.com/community/threa...-fix-and-media-gallery-2-1-7-released.175577/

This vulnerability allows data theft and unauthenticated access to be performed with a specially crafted thread title, accessing the forum with elevated privileges when a moderator checks the approval queue. As far as I know, the first few posts on the Codex have to be manually approved.

It would be a HUGE shame if somebody exploited this vulnerability and say, banned Crispy and deleted all of his posts. I am thus advising you to perform a forum software upgrade as soon as possible.

 

[Rean]

 

[OSK]

I found the best way to get DU to fix something is to exploit it: https://rpgcodex.net/forums/threads/html-disabled.37853/

But in a nice, friendly way. I think banning Crispy would count.

 

[DarkUnderlord]

It would be a HUGE shame if somebody exploited this vulnerability and say, banned Crispy and deleted all of his posts. I am thus advising you to perform a forum software upgrade as soon as possible.

A huge shame for the forum, Crispy, or the person who tried the hack?

 

[Konjad]

It would be a HUGE shame if somebody exploited this vulnerability and say, banned Crispy and deleted all of his posts. I am thus advising you to perform a forum software upgrade as soon as possible.

A huge shame for the forum, Crispy, or the person who tried the hack?

You have less than 7 cycles of guilt to convince me that you aren't a Jian.

If you have ever used a Facere Mortis, or, the Commander forbid, the Double Katanas; then you are a Jian. Real aspirants of the Culter Dei use only the Damocles and the Arracondra.

If you have ever used the Medikit, filthy disease ridden rat manger instrument that it is, then you are a Double Jian. The devout of the Culter Dei only use the power of Alchemy and Maintenance in the battlefield to mend their wounds. And only rarely, as our armor deflects even the most penetrative .444k round. Multiple times over.

If you have ever used silenced coward weapons, like the Motra or the BOSCO, then you are a Triple Jian. If you have used them in combination with Cloak, then you are a Triple Double Jian, and should be shamed, castrated, and banished to Aemos to be intruded into by your most beloved fraud, master anzymut.

If you have used any augmentations other than Cyber Legs and Adrenaline, then you are a false messiah born out of the fornicating septic waste of New Eden's organic waste fuel recycling facilities.

Only the most holy and sacred firearms are allowed to be used by our prestigious errants; only the HS 010 (in Fuller Auto mode. Forbid the use of semi and LESSER auto. Such settings are only for the lesser peoples.), the 444k Bear Killer, Rotten Mound, Hunting Machine, Deperazor, and Sulfatum, and the Excidium are considered acceptable. Usage of anything lesser is heresy of the highest order, and you should be punished as befits the lowliest of the Jian peasantry.

Now, prove to me you aren't a Jian. Or else the next time there are waves in the temple, they'll see your stupid clown face being worn as a moron party mask.

 

[SoupNazi]

It would be a HUGE shame if somebody exploited this vulnerability and say, banned Crispy and deleted all of his posts. I am thus advising you to perform a forum software upgrade as soon as possible.

A huge shame for the forum, Crispy, or the person who tried the hack?

You have less than 7 cycles of guilt to convince me that you aren't a Jian.

I liked you better when you had that little dwarf with a pickaxe as your avatar

 

[Konjad]

It would be a HUGE shame if somebody exploited this vulnerability and say, banned Crispy and deleted all of his posts. I am thus advising you to perform a forum software upgrade as soon as possible.

A huge shame for the forum, Crispy, or the person who tried the hack?

You have less than 7 cycles of guilt to convince me that you aren't a Jian.

I liked you better when you had that little dwarf with a pickaxe as your avatar

Me too, but DU removed DF avatars

 

[jcd]

It would be a HUGE shame if somebody exploited this vulnerability and say, banned Crispy and deleted all of his posts. I am thus advising you to perform a forum software upgrade as soon as possible.

A huge shame for the forum, Crispy, or the person who tried the hack?

For the social workers monitoring Crispy 's mental health through this website.

 

[Semiurge]

It's a big leap. Many sites have this version on their tombstones.

 

[Savecummer]

According to the copyright at the bottom of the page, the version you're running is from 2019.

which is not even 2.0

 

[Syl]

According to the copyright at the bottom of the page, the version you're running is from 2019.

which is not even 2.0

Let me guess, which means the vulnerability is not even there?

 

[Taluntain]

Yes.

 

[razvedchiki]

why was jcd unbanned.

 

[jcd]

I didn't exactly have high hopes considering how long it took for the https rollout, but this isn't the only vulnerability they've patched since 2019: https://xenforo.com/community/forums/announcements/

 

[DarkUnderlord]

They do regular patches for software?

Who knew.

Who knew.

Man I don't think I've upgraded anything here since XF first came out. I just kind of leave it. I mean, sometimes I get emails about a new update but meh. Who has the time.

 

[jcd]

 

[thesoup]

It's all fun and games until you realize you've been sending spam for the past 3 months and now you're on all possible blacklists.

 

[Tavar]

According to the copyright at the bottom of the page, the version you're running is from 2019.

which is not even 2.0

Let me guess, which means the vulnerability is not even there?

The link in the original post says that the vulnerability was introduced in version 2.1.0 which was released in January 2019. I'm not sure what version the board is currently using, though.

 

[jcd]

According to the copyright at the bottom of the page, the version you're running is from 2019.

which is not even 2.0

Let me guess, which means the vulnerability is not even there?

The link in the original post says that the vulnerability was introduced in version 2.1.0 which was released in January 2019. I'm not sure what version the board is currently using, though.

You can't tell, that's the whole point. If it's from 2019 then it's likely it has that vulnerability.

 

[Haba]

Here, let me reveal an actual hacker method for finding shit out. Protip: protect the folder.

https://rpgcodex.net/forums/install/index.php?upgrade/

 

[Tavar]

Here, let me reveal an actual hacker method for finding shit out. Protip: protect the folder.

https://rpgcodex.net/forums/install/index.php?upgrade/

Nice, according to the page it is version 1.5.24. We are safe, praise the lord.

 

[jcd]

XenForo 1.5 End of Life Reminder

As we first notified you back in December 2018, XenForo 1.5 is now considered a legacy product and is no longer in active development. As such, we ended support and upgrades for it back in May 2019, but committed to releasing security updates, should issues arise, until 31st December 2019.

1.5 years after security updates ended, LOL!

 

[DarkUnderlord]

Yeah, you might have to try some other way to shut the forums down.

 

[Taluntain]

I didn't exactly have high hopes considering how long it took for the https rollout, but this isn't the only vulnerability they've patched since 2019: https://xenforo.com/community/forums/announcements/

Good thing I'm subscribed there.

 

[thesoup]

Banned for friendly advice. Unbelievable.

 

[Maxie]

was it a friendly advice as in 'hey du fix this website or we get fucked nigga' type of advice
or as in 'hehe i see ur website is EZ TO COMPROMISE it would be a shame if sb COMPROMISED it ;'))'

 

[Kalin]

If jcd wanted he could've nuked this place years ago, Bald Benzolord is just being a fucking retard as usual.