
{BHW Emergency} Any User Can Access Your BHW Settings Page Info

Discussion in 'BlackHat Lounge' started by The Doctor, Jul 9, 2015.

Thread Status:
Not open for further replies.
  1. The Doctor

    The Doctor Jr. VIP Jr. VIP

    Joined:
    Dec 18, 2010
    Messages:
    955
    Likes Received:
    295
    Occupation:
    Computer Scientist, Engineer, Programmer.
    Location:
    ☆☆☆☆☆☆
    Home Page:
    There's currently a caching problem with BHW's content delivery network (CDN) which is causing users to be able to view other users' "settings" (usercp.php) page. As you know, this page contains a list of your private messages (just the titles), your personal notepad along with its contents, your subscription titles, and your subscription folder names. If you don't want other people to see any of these things, especially if you have sensitive information in your notepad, delete it immediately, as anyone on this forum can currently view the aforementioned information. Other than that, your account information is safe. As it stands, nobody can perform any forum actions on your behalf, only view what's on the settings page itself, and I know BHW staff is currently working hard to correct the caching issue. The thread for that is here: http://www.blackhatworld.com/blackh...ome-different-profile-name-caching-issue.html
     
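Added example, not part of the thread: a simplified check of whether the response headers on a per-user page such as usercp.php allow a shared cache (a CDN) to store it and serve it to other visitors. The thread does not say which headers or CDN settings were involved here, so the header sets, function names and verdict labels below are all assumptions made for illustration.

```python
# Added example: header sets below are constructed, not captured from the forum.

def parse_cache_control(value):
    """Return {directive: argument or None}; names lowercased, quotes stripped."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_exposure(headers):
    """Classify a per-user response as 'safe', 'risky' or 'exposed'.

    Simplified from the RFC 9111 storage rules for shared caches; a CDN
    configured to ignore origin headers is outside what this can see.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return "safe", "shared caches must not store this response"
    if "no-cache" in cc:
        return "risky", "storable, reused only after revalidation with the origin"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    # s-maxage overrides max-age for shared caches.
    age = cc["s-maxage"] if "s-maxage" in cc else cc.get("max-age")
    fresh = bool(age) and age.isdigit() and int(age) > 0
    if fresh or "public" in cc or (age is None and "expires" in h):
        if "cookie" in vary or "*" in vary:
            return "risky", "storable; user separation rests on Vary alone"
        return "exposed", "a shared cache may serve one user's copy to another"
    return "risky", "no usable freshness information; depends on CDN defaults"


# Constructed header sets for a control-panel style page.
SAMPLES = {
    "hardened": {"Cache-Control": "private, no-store"},
    "public-ttl": {"Cache-Control": "public, max-age=300"},
    "vary-only": {"Cache-Control": "max-age=300", "Vary": "Accept-Encoding, Cookie"},
    "silent": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, *shared_cache_exposure(hdrs))
```

Only the "hardened" set tells every shared cache to keep its hands off the page; the other three leave the outcome to the CDN's configuration.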
  2. The Doctor

    The Doctor Jr. VIP Jr. VIP

    :bump: Trying to keep this thread up because a lot of people have sensitive information in their notepads (as I have just discovered firsthand).
     
  3. Hawkster

    Hawkster Jr. VIP Jr. VIP

    Joined:
    Jun 22, 2013
    Messages:
    3,507
    Likes Received:
    3,721
    Gender:
    Male
    Occupation:
    Listen to everyone - Follow no-one
    Location:
    UK
    Home Page:
    Didn't even know I had a notepad lol
     
    • Thanks Thanks x 1
  4. The Doctor

    The Doctor Jr. VIP Jr. VIP

    I've been coming across people who do, sometimes with things they wouldn't want seen. Message titles can also be a very big deal depending on what you're talking to someone about.
     
  5. M4XW3LL

    M4XW3LL Jr. VIP Jr. VIP

    Joined:
    Feb 5, 2013
    Messages:
    1,094
    Likes Received:
    1,275
    This is a simple caching issue which BHW are fixing now. There is no way to access others' PMs (they are not cached for obvious reasons).

    Your PM info isn't at risk; it simply doesn't run that way.

    Also to note: if someone tries to PM or post when the username is altered, it will revert to your logged-in account.

    As there are many threads running on this subject, DiamondDamien created a master thread here: www.blackhatworld.com/blackhat-seo/blackhat-lounge/773447-welcome-different-profile-name-caching-issue.html
     
  6. mickyvx

    mickyvx Regular Member

    Joined:
    Nov 7, 2013
    Messages:
    310
    Likes Received:
    136
    Gender:
    Male
    Occupation:
    ICT Administrator
    Location:
    Australia
    I didn't know I had one either.. Interesting.
     
  7. The Doctor

    The Doctor Jr. VIP Jr. VIP

    Did you read my post? Because you just repeated it, except that in the original post in the original thread there wasn't any information about people being able to read your PM titles, notepad, and subscribed threads. Those things are visible and, like I said, I've already come across notes and message titles that, if it were me, I wouldn't want other people to be reading.
     
  8. Apricot

    Apricot Administrator Staff Member Moderator

    Joined:
    Mar 26, 2013
    Messages:
    12,822
    Likes Received:
    8,260
    Gender:
    Female
    Occupation:
    BHW Admin
    Location:
    Station 2E
    Home Page: