[EXPLOITABLE]: Ping Bug (not really but can be used as one)

ArchivesProblems & bugs → [EXPLOITABLE]: Ping Bug (not really but can be used as one)

CLOSED

avatar
Ralp
12 Mar 2016 21:06:00 GMT

==This bug allows people to edit their chat so they can forge messages. This may allow them to get people banned for offences be screenshoting it etc.==

What did I expect?

The normal /ping : Pong! scenario.

What actually happened?

A message apeared in only my chat.

Did I see any sort of error message?

No

How can we reproduce this problem?

/ping &4 Dico200 &7→&f spam

/ping &6[&4Jomo&6 -> &cme&6]&f spam

/ping &6[&4Nemes&6 -> &cme&6]&f Get off this server u [insert offensive words]!!!

The peoples names can be swapped for anyone’s

avatar
PyjamaL1ama
12 Mar 2016 21:14:01 GMT
For things like that, we can check the logs :3
avatar
Ralp
12 Mar 2016 21:18:47 GMT
Do you check the logs every time there is a blame though?
avatar
Pepich1851
12 Mar 2016 23:21:08 GMT

Depends on whi blames, who is blamed and they way the chat looks like. It is tough getting 5 people to join it and make it look real. If you make the blame look like there was one person doing bad stuff while everyone except younis carrying on their normal business it’ll be suspicious. Additionally, everyone blamed has the opportunity to defend themself. If someone consists on that it has not happened and asks us to check the logs then we will obviously do so.

But if five people invclusing trusted or similar are blaming a visitor we usually don’t go to check the logs. That’s true. Yet I don’t conider this a bug or a wrongly granted permission, people could simply just turn off chat, take a screenshot, then edit in all the text they need. Which is really easy in the end. Even simpler than abusing /echo or /ping to do that…

Greetings

~Pepich~

Marked as closed