my thoughts on forum security
-
i wanted to write about some security issues which many forums suffer from and have yet to be fixed. this isnt a callout post or anything, i just find it interesting. any details on specific forums, vulnerabilities, or specific software will be redacted until its fixed.
quite frankly, forum security - like any other type of security - SUCKS HORRIBLYYY. there is a large forum vendor which is riddled with vulnerabilities, to give you context here are vague summaries of the vulnerabilities ive found in certain forum software:
- broken access control: any moderator, without the right privileges, is able to see user's data which should only be limited to admins.
- any user is able to grab another user's ip address, without any interaction or alert.
- any user is able to upload files which are prohibited.
keep in mind, i only spent like.. an hour or two, doing a basic audit of the web interface part - i didnt even disassemble and decompile the binaries for potentially more serious vulnerabilities. and ofc, i reported all vulnerabilities to the vendor (which they claim they reply and triage within 24 hours - but its taking weeks :sob:)
the point is. uhhhm. there is no point, just be careful online.
-
do you know any good forums that arent this one? like ones for every device ofc
-
@pawthetic ummmmmm. no x.x im not familiar with many forums, i just look into the underlying software
-
@maple awww man ive been looking for a good forum community to get into. lmk if u find any