Posting a VBulletin thread

Joined
Apr 10, 2008
Messages
4,087
Reaction score
1,264
I wasn't sure where to post it, so I thought this would be a good place. I opened a new thread and looked at the POST request so I can recreate it with .NET.

[Image: Fraysa - Posting a VBulletin thread - RaGEZONE Forums]


Is anyone familiar with these values? Like, what's 'posthash', 'securitytoken' (I assume it's the token for logged-in users), and how would I get them through my code?

Thanks.
 
Elite Diviner
Joined
May 30, 2011
Messages
443
Reaction score
95
Writing a Shitzone bot, Fraysa?

Some of these things are generated internally by VBulletin (and then injected into the JavaScript response, which then injects them into forms, and lots of other crazy stuff.) Security token should be empty in most fields until submit time but the regex for it is
Code:
var SECURITYTOKEN = "(.+)";
That should be all you need to get requests working, as well as a valid, fake user agent preserved across requests. Post hash should be an MD5 of your post, I think. Not sure if it's required.

Anyway, security tokens don't refresh for a while and can be used for different actions than they were generated for (i.e. if you get a security token from a thread, you can use it in any form around the site until it expires.) They're tokens sure, and that's obnoxious to handle in code, but they're the most hilariously insecure technique anyone could possibly use. Make one GET request for information like userid, securitytoken, etc and then send a POST with the data you got and it's problem solved.
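
The reuse described in the reply above (a token fetched from one page being accepted by any form until it expires) is what an anti-CSRF token looks like when it is bound only to the session. The following is an added example, not code from this thread or from vBulletin, contrasting that with a token that is also bound to the action it was issued for. The key, session ids, action names and lifetime are constructed for the demo, and the HMAC construction is an assumption, not vBulletin's actual scheme.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed; real code loads a random secret
TOKEN_TTL = 3600                      # seconds; assumed lifetime for this demo

def _mac(*parts):
    # NUL-joined fields so ("ab", "c") and ("a", "bc") never produce the same MAC input.
    return hmac.new(SERVER_KEY, "\x00".join(parts).encode(), hashlib.sha256).hexdigest()

def _issue(now, *bound):
    return f"{now}-{_mac(str(now), *bound)}"

def _check(token, now, *bound):
    ts, _, mac = token.partition("-")
    if not (ts.isascii() and ts.isdigit()) or not 0 <= now - int(ts) <= TOKEN_TTL:
        return False  # malformed, from the future, or expired
    return hmac.compare_digest(mac.encode(), _mac(ts, *bound).encode())

# Session-bound only: the behaviour the reply describes (any form accepts it).
def issue_session_token(session_id, now):
    return _issue(now, session_id)

def check_session_token(token, session_id, action, now):
    return _check(token, now, session_id)  # 'action' is never consulted

# Session- and action-bound: a token minted for one form fails on another.
def issue_action_token(session_id, action, now):
    return _issue(now, session_id, action)

def check_action_token(token, session_id, action, now):
    return _check(token, now, session_id, action)

def demo():
    now, sid = 1_700_000_000, "sess-constructed-1"      # constructed values
    weak = issue_session_token(sid, now)
    strong = issue_action_token(sid, "newthread", now)   # hypothetical action names
    return {
        "weak_reused_elsewhere": check_session_token(weak, sid, "editprofile", now + 60),
        "strong_same_action": check_action_token(strong, sid, "newthread", now + 60),
        "strong_reused_elsewhere": check_action_token(strong, sid, "editprofile", now + 60),
        "strong_other_session": check_action_token(strong, "sess-constructed-2", "newthread", now + 60),
        "strong_expired": check_action_token(strong, sid, "newthread", now + TOKEN_TTL + 1),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Binding the action into the MAC costs one extra field per form and means a token leaked from a read-only page cannot authorize a state-changing request.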
 
Joined
Apr 10, 2008
Messages
4,087
Reaction score
1,264
> Writing a Shitzone bot, Fraysa?
>
> Some of these things are generated internally by VBulletin (and then injected into the JavaScript response, which then injects them into forms, and lots of other crazy stuff.) Security token should be empty in most fields until submit time but the regex for it is
> Code:
> var SECURITYTOKEN = "(.+)";
> That should be all you need to get requests working, as well as a valid, fake user agent preserved across requests. Post hash should be an MD5 of your post, I think. Not sure if it's required.
>
> Anyway, security tokens don't refresh for a while and can be used for different actions than they were generated for (i.e. if you get a security token from a thread, you can use it in any form around the site until it expires.) They're tokens sure, and that's obnoxious to handle in code, but they're the most hilariously insecure technique anyone could possibly use. Make one GET request for information like userid, securitytoken, etc and then send a POST with the data you got and it's problem solved.

Thank you very much, I will give that a try!

... And to your question, it's... sort of a bot, but for a good purpose. It's just a notifier. It won't spam threads, so no worries.
 