Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Beginners & Help
Re: how to add avatar pic?
by
Sonny
on 18/02/2014, 18:43:11 UTC
Quote from: fighter on February 18, 2014, 06:12:01 PM
Quote from: rohnearner on February 18, 2014, 05:06:21 PM
Quote from: lemfuture on February 18, 2014, 04:34:21 PM
thanks  Smiley
That feature is disabled by the administration i think, because someone told me that it was the reason of forum getting hacked some time ago correct me if i'm wrong . 

How can that be possible?

If you mean how the feature is disabled by theymos, yes it is possible.

If you mean how the forum was hacked with avatar, please check this thread.
https://bitcointalk.org/index.php?topic=306878.0

Quote from: theymos on October 07, 2013, 05:18:33 AM
It was initially suspected by many that the attack was done by exploiting a flaw in SMF which allows you to upload any file to the user avatars directory, and then using a misconfiguration in nginx to execute this file as a PHP script. However, this attack method seems impossible if PHP's security.limit_extensions is set.