Xenforo : no better than vbulletin ; certainly not all that different
After the trashing delivered to vBulletin software recently[i], some voices expressed privately their concern that really, xenforo is just as horrible.
Well, truth be told... it's not. It's much worse. For instance :
curl --cookie-jar - -A "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0" --data "do=login&url=%2Fusercp.php&vb_login_md5password=5156390a770193da8ab09ee49ea098a3&vb_login_md5password_utf=5156390a770193da8ab09ee49ea098a3&s=2103425bcbb7d00c7a53d03d7ddebe95&securitytoken=21af1a471268d02b86ee418d42bf02b92a36e851&vb_login_username=julyston&vb_login_password=" http://www.pbnation.com/login.php?do=login

curl --cookie-jar - -A "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0" --data "login=hunignot&register=0&password=gangbang&remember=1&cookie_check=1&_xfToken=&redirect=https%3A%2F%2Fxenforo.com%2Fcommunity%2F" "https://xenforo.com/community/login/"
Above, the vBulletin login method, consisting of passing md5 (yes!) redundant (plain and utf8!) hashes of the password. Below, the xenforo method of passing... the plaintext password. What's your preference, between md5 - thoroughly cracked a decade ago - and plaintext ?
They both result in the same single cookie being set, of course ; but the revered bbsessionhash as unique session identifier has been renamed to xf_session. That's pretty much it, and the notion that a court somewhere bought into the theory xenforo's anything but copy/pasted vBulletin is so ridiculous as could have come only out of a court somewhere.
Moving on, enumeration of userspace works on entirely novel lines now :
for i in {129996..1}; do curl -v -o /dev/null "https://xenforo.com/community/members/sublimelinter.$i/" 2>&1 | grep "Loca" >> hurr.txt; done
Because aren't they fucking cool, putting the name in there, it'd almost have worked as a spacing method. Except it doesn't, and consequently
wc -l hurr.txt
7413 hurr.txt
We're only about 8% done spidering it seeing how we're proceeding rather lazily ; but should you receive a link to this article in the coming days explaining xenforo is a piece of shit... believe it. For it is true.
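Seen from the server side, the loop above leaves a distinctive trace in the access log: one client sending a single fixed slug with a long run of member ids, nearly all answered by a redirect. The detector below is an added example, not code from the original article or from xenforo; it assumes combined-format access logs, profile URLs shaped like /members/<slug>.<id>/ and a redirect to the canonical URL when the slug does not match the id, and the function names, threshold and sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed URL shape, taken from the loop above: /members/<slug>.<id>/
MEMBER_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) \S*/members/'
    r'(?P<slug>[^./\s]+)\.(?P<id>\d+)/? HTTP/[\d.]+" (?P<status>\d{3}) ')

def find_enumerators(lines, min_ids=5):
    """Flag clients that request many member ids under one reused slug.

    A browser following real links sends each id with its own slug; the
    loop above sends a single fixed slug with every id and harvests the
    redirect to the canonical profile URL.
    """
    per_ip = defaultdict(lambda: {"slugs": defaultdict(set), "total": 0, "redirects": 0})
    for line in lines:
        m = MEMBER_RE.match(line)
        if not m:
            continue
        rec = per_ip[m["ip"]]
        rec["slugs"][m["slug"]].add(int(m["id"]))
        rec["total"] += 1
        rec["redirects"] += m["status"].startswith("3")
    flagged = {}
    for ip, rec in per_ip.items():
        # The slug that was paired with the largest number of distinct ids.
        slug, ids = max(rec["slugs"].items(), key=lambda kv: len(kv[1]))
        if len(ids) >= min_ids:
            flagged[ip] = {"slug": slug, "ids": len(ids),
                           "redirect_ratio": rec["redirects"] / rec["total"]}
    return flagged

def sample_log():
    """Constructed combined-format log lines (documentation IPs, not real traffic)."""
    fmt = ('{ip} - - [01/Jan/2020:10:00:{n:02d} +0000] '
           '"GET /community/members/{slug}.{id}/ HTTP/1.1" {st} 0 "-" "-"')
    walker = [fmt.format(ip="198.51.100.7", n=n, slug="sublimelinter",
                         id=129996 - n, st=200 if n == 0 else 301) for n in range(8)]
    reader = [fmt.format(ip="203.0.113.5", n=n, slug=f"user{n}",
                         id=500 + n, st=200) for n in range(8)]
    return walker + reader

if __name__ == "__main__":
    for ip, info in find_enumerators(sample_log()).items():
        print(ip, info)
```

Detection is only half of it: answering a mismatched slug with the same response as a nonexistent id, and rate limiting profile lookups per client, removes what the redirect gives away.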
———-
[i] Did you know that it costs ~an hour's time and ~a dime in electricity to send a quarter million emails to various people, as diverse as small outfitter shops in California or "outreach missions" of whatever obscure cultish neoprotestant nuts ?
But did you know that the CTR of this impromptu "email campaign" is well over 3% ? Or that the cost of "getting traffic" is universally the same across the web ?
Maybe there's a lot you don't know.
Sunday, 10 November 2019
Hi everyone, I come from Italy / itawero
Sunday, 10 November 2019
Right, on a South Korean IP with a .pl email, vieni dall'Italia. Here's what we do : I approve your tester comment, and you get to spend however long it takes until you review your spamlist sending "comments" that don't get approved. Dork.
Saturday, 11 July 2020
Thank you very much for the invitation :). Best wishes.
PS: How are you? I am from France :)
Saturday, 13 February 2021
hiiiiiii i am spider from Arg. I would like to ask you what kind of games do you like playing?? My favourite game is diablo rpg
Sunday, 14 February 2021
There's like a whole section discussing this, you know ?
Wednesday, 7 April 2021
What is this called i am from SPAIN
Wednesday, 9 June 2021
FB friends spy is a facebook windows application that offers to its user’s information about their friends they cannot find in there profiles:
1. Online presence information (offline/online) even if you are in offline chat mode.
2. People most interested by them.
3. People most interacting with them(on comments not messages , spying on messages is illegal and forbidden by facebook, so it is impossible to do, thank you for your understanding).
4. latest Facebook statuses
5. Places visited.
6. Events attending or already participated in
FB friend's spy will ask you for permissions to offer you the information you want, this information will and still be used only by you, it will not be used by anyone else.
FB friend’s spy uses Facebook SDK to connect to Facebook, so users don’t have to worry about their private or secret information.
Wednesday, 9 June 2021
Bwahahaha really, is it a facebookwindows application ?
Listen its user's & there profile : who the fuck ever heard of an understandable spy that's legal ? Huh ? The fucking point of spying is to break laws, otherwise what the fuck are you even doing ?
Wankbook wankdows wank application for wankers.
Wednesday, 9 June 2021
Perhaps it's a wanclickation (this is not illegal, nor forbidden by facebook and therefore it is possible!)