CardingMafia Admin
02-12-2013, 12:27 PM
Hi , I was working On Mybb And found Some Stuff...
So Today LOgin Attempts Bypass..oka
Mybb Is manipulating Login Attempts By a Cookie Name as Loginattempts . . .
So,what Mybb Does whenever A Wrong Login Occurs IT Increments the Value Of loginattempt . .
LIke
loginattempt=0;-----loginattempt=1; each increment on each wrong Login.
And When This value become greater then 10 , Mybb displays No more LOgins.
But What iF You modify this Cookie Value ON each Request.
OH yes YOu can Keep BruteForce Mybb.
LIke Just modify loginattempt=0; on Each Request .
So this FOr Today..
Screenshot
http://postimage.org/image/3ywszeg7r/
So Today LOgin Attempts Bypass..oka
Mybb Is manipulating Login Attempts By a Cookie Name as Loginattempts . . .
So,what Mybb Does whenever A Wrong Login Occurs IT Increments the Value Of loginattempt . .
LIke
loginattempt=0;-----loginattempt=1; each increment on each wrong Login.
And When This value become greater then 10 , Mybb displays No more LOgins.
But What iF You modify this Cookie Value ON each Request.
OH yes YOu can Keep BruteForce Mybb.
LIke Just modify loginattempt=0; on Each Request .
So this FOr Today..
Screenshot
http://postimage.org/image/3ywszeg7r/