[Adam James]

Your Name: [RG] Operation

Ban ID: 114

Banned by: Temar

Server: n/a

Ban Reason: "Trying to hack the website"

Why should you be unbanned?: I feel as if the ban was unfair, because I never intended to hack the website. My intentions were to find exploits I could report to Temar or another Super Admin. I noticed while viewing client side source code on google chrome that a part of the donation page was vulnerable to XSS (Cross site scripting) I a few seconds after I found it, and tested it out to see if it was just a false positive or not., then reported it to Enzyme,
I would also like to state that it was a POST xss injection, and cant really be used to even exploit anything due to it being post, you cannot grab cookies, etc. It's pretty much useless unless you wanna just test out your skills.
I feel it is unfair because I didnt even mean to find it nor did I intend to exploit it.

Thanks,

Adam/Operation
Evidence: N/A

[George]

While it's understandable that you were looking for vulnerabilities in the donation page so you could report them, the problem is that you gave us no prior warning that you were going to do so. Therefore, when we find out someone is trying to find vulnerabilities out of the blue, it does look suspicious.

At the end of the day it's up to Temar or Faustie whether or not you should be unbanned.

[Nacreas]

If your intention wasn't malicious, you would have requested permission from staff to carry-out this test. From our point of view, you've attempted to find vulnerabilities in our website which could potentially give you access to things which you're not supposed to have access to. At this stage, we see no reason to unban you.

Do you have anything else you'd like to add?

[Adam James]

you've attempted to find vulnerabilities in our website which could potentially give you access to things which you're not supposed to have access to.

XSS can't be used for shit. Even if I was to get Temar or another admins login cookie from XSS i wouldn't beable to use it because mybb has cookie security.

[Enzyme]

You should have alerted/gotten permission from the staff before doing what you did Adam.
What you did is viewed upon as an attempt on hacking our website, something which we do not take lightly.

As I see it, the ban itself is valid. What can be discussed however is if you should be given another chance or not.

Are you trying to appeal this current ban in an attempt to have it removed or are you asking for another chance?

[Adam James]

Sorry went on a trip to New York City.

I guess ill try for a second chance.

[Faustie]

Denied.

Attempting to find exploits without prior permission from either myself or Temar is unacceptable. There are only a few very special circumstances in which we would allow players to attempt to find exploits, and in all of those cases prior permission is a requirement.

Given that you reported the minor issue you found to Enzyme, I'll allow you to make a new unban request in March and we can review then. However, I can't allow this to go without punishment, else others may be encouraged to do what you did.