「BE＠5ch掲示板(2.0)」の版間の差分

提供：５ちゃんねるwiki

ナビゲーションに移動検索に移動

2014年8月3日 (日) 18:07時点における版

BE 2.0 とは4月5日にCode Monkey★がリリースしたシステム。

6月12日に大型アップデートが来る。

ログインしないと書き込みできない板

SETTING.TXTで BBS_BE_ID が1以上に設定されている板は、ログインしないと書き込めない.....ハズ

一覧（作成中）

ログインしないとスレ立てできない板

BE TYPE2を参照

新Beの歴史

Be 2.0 サービス開始

2014/04/05(土)にCode Monkey★が新たなBeシステムをリリース。

1 ：C ◆Odemonkey. ＠Code Monkey ★：2014/04/05(土) 16:40:33.31 ID:???0

Hello 2ch netizens.

Today I will release BE Version 2.0 β

Anybody who signs up for the beta version and confirms their email will receive 1000 BE points.
After the official release of BE version 2.0, then the free 1000 BE point event will cease.

Features currently available in BE Version 2.0 β:
* Change ICON [It is currently FREE to change your icon]
* Login/Logout API
* BBS.CGI compatibility
* Dedicated browser compatibility

Features coming soon:
* Profile page
* Buy BE points
* Exchange BE points
* BE stock exchange
* Many more....

その直後にクロスサイトスクリプティングの脆弱性が発見される。

be.2ch.net内のstatus.php内で恐らく、$_GET['ico']で取得した文字列がその後の処理の際にエスケープ処理されなかった事による物であった。

ああわかったぞ
beの画像の値に">を入れてるのか
http://be.2ch.net/status.php?ico="> にすることでXSSが可能になると
書き込みでのエスケープ処理はされてる

その後、Code Monkey★に確認され修正される

128 ：C ◆Odemonkey. ＠Code Monkey ★：2014/04/05(土) 20:42:47.78 ID:???0 ?2BP(1000)

http://img.2ch.net/ico/anime_zonu02.gif
Here is what happened:

The programmers in Jim-san's office made the HTML pages for the new http://be.2ch.net.

I thought they had properly sanitized and verified everything. I guess I was wrong.

I have taken the new be.2ch.net beta offline for the moment.

I will fix it and properly sanitize and verify all input.

After I fix it, ill put it back online, then you guys can try to find some new XSS vulnerabilities.

Thanks!

PMなどが実装される

BE同士でメールのやり取りが可能に。

1 ：Code Monkey ★：2014/06/12(木) 13:54:57.81 ID:???0

Hey!

We installed a new update to BE today.

The new update will likely have bugs in it.
If you find a bug, please tell me.

New features in the update:
* Updated user interface
* Optimized for mobile viewing
* Private Messaging
* HTTPS SSL is now available
* BE now works on Pink Channel also.

https://be.2ch.net/
https://be.bbspink.com/

Android用メッセンジャーアプリ公開

1 ：Code Monkey ★：2014/07/24(木) 23:04:22.60 ID:???0

Push notifications!

Live chatting!

All on your Android.

Free. Wow!

https://play.google.com/store/apps/details?id=com.rqi.bemessenger&hl=ja

@@ 11行目: / 11行目: @@
 :*なんでも質問 http://hello.2ch.net/nandemo/
 :*朝生 http://hello.2ch.net/argue/
+:*運用情報 http://qb5.2ch.net/operate/
 ==ログインしないとスレ立てできない板==
@@ 19行目: / 20行目: @@
 ===Be 2.0 サービス開始===
 <p>2014/04/05(土)にCode Monkey★が新たなBeシステムをリリース。</p>
-  <dt> 1 ：<font color="green"><b>C </b>◆Odemonkey. <b>＠Code Monkey ★</b></font>：2014/04/05(土) 16:40:33.31 ID:???0</dt><dd> Hello 2ch netizens. <br>  <br>     Today I will release BE Version 2.0 β  <br>   <br>     Anybody who signs up for the beta version and confirms their email will receive 1000 BE points. <br>     After the official release of BE version 2.0, then the free 1000 BE point event will cease. <br>  <br>     Features currently available in BE Version 2.0 β: <br>     * Change ICON [It is currently FREE to change your icon] <br>     * Login/Logout API <br>     * BBS.CGI compatibility <br>     * Dedicated browser compatibility <br>  <br>     Features coming soon: <br>     * Profile page <br>     * Buy BE points <br>     * Exchange BE points <br>     * BE stock exchange <br>     * Many more.... </dd>
+  <dt> 1 ：<font color="green"><b>C </b>◆Odemonkey. <b>＠Code Monkey ★</b></font>：2014/04/05(土) 16:40:33.31 ID:???0</dt><dd>     Hello 2ch netizens. <br>  <br>     Today I will release BE Version 2.0 β  <br>   <br>     Anybody who signs up for the beta version and confirms their email will receive 1000 BE points. <br>     After the official release of BE version 2.0, then the free 1000 BE point event will cease. <br>  <br>     Features currently available in BE Version 2.0 β: <br>     * Change ICON [It is currently FREE to change your icon] <br>     * Login/Logout API <br>     * BBS.CGI compatibility <br>     * Dedicated browser compatibility <br>  <br>     Features coming soon: <br>     * Profile page <br>     * Buy BE points <br>     * Exchange BE points <br>     * BE stock exchange <br>     * Many more.... </dd>
 <div>その直後にクロスサイトスクリプティングの脆弱性が発見される。</div>
 <div>be.2ch.net内のstatus.php内で恐らく、$_GET['ico']で取得した文字列がその後の処理の際にエスケープ処理されなかった事による物であった。</div>
-  <dt>53 ：<font color="blue"><b>番組の途中ですがアフィサイトへの転載は禁止です</b></font>：2014/04/05(土) 20:16:53.27 ID:6Wl76cGr0</dt><dd> ああわかったぞ <br> beの画像の値に"&gt;を入れてるのか <br> http://be.2ch.net/status.php?ico="> にすることでXSSが可能になると <br> 書き込みでのエスケープ処理はされてる</dd>
+  <dt>53 ：<font color="blue"><b>番組の途中ですがアフィサイトへの転載は禁止です</b></font>：2014/04/05(土) 20:16:53.27 ID:6Wl76cGr0</dt><dd>     ああわかったぞ <br>     beの画像の値に"&gt;を入れてるのか <br>     <nowiki>http://be.2ch.net/status.php?ico="></nowiki> にすることでXSSが可能になると <br>     書き込みでのエスケープ処理はされてる</dd>
 <div>その後、Code Monkey★に確認され修正される</div>
-  <dt>128 ：<font color="green"><b>C </b>◆Odemonkey. <b>＠Code Monkey ★</b></font>：2014/04/05(土) 20:42:47.78 ID:???0 ?2BP(1000)</dt><dd> http://img.2ch.net/ico/anime_zonu02.gif <br> Here is what happened: <br>  <br> The programmers in Jim-san's office made the HTML pages for the new [be.2ch.net]. <br>  <br> I thought they had properly sanitized and verified everything. I guess I was wrong. <br>  <br> I have taken the new be.2ch.net beta offline for the moment. <br>  <br> I will fix it and properly sanitize and verify all input. <br>  <br> After I fix it, ill put it back online, then you guys can try to find some new XSS vulnerabilities. <br>  <br> Thanks! </dd>
+  <dt>128 ：<font color="green"><b>C </b>◆Odemonkey. <b>＠Code Monkey ★</b></font>：2014/04/05(土) 20:42:47.78 ID:???0 ?2BP(1000)</dt><dd>     http://img.2ch.net/ico/anime_zonu02.gif <br>     Here is what happened: <br>  <br>     The programmers in Jim-san's office made the HTML pages for the new http://be.2ch.net. <br>  <br>     I thought they had properly sanitized and verified everything. I guess I was wrong. <br>  <br>     I have taken the new be.2ch.net beta offline for the moment. <br>  <br>     I will fix it and properly sanitize and verify all input. <br>  <br>     After I fix it, ill put it back online, then you guys can try to find some new XSS vulnerabilities. <br>  <br>     Thanks! </dd>
 === PMなどが実装される ===
-：Code Monkey ★：2014/06/12(木) 13:54:57.81 ID:???0
+<p>BE同士でメールのやり取りが可能に。</p>
- Hey!
+  <dt> 1 ：<font color="green"><b>Code Monkey ★</b></font>：2014/06/12(木) 13:54:57.81 ID:???0</dt><dd>     Hey! <br> <br>     We installed a new update to BE today. <br> <br>     The new update will likely have bugs in it. <br>     If you find a bug, please tell me. <br> <br>     New features in the update: <br>     * Updated user interface <br>     * Optimized for mobile viewing <br>     * Private Messaging <br>     * HTTPS SSL is now available <br>     * BE now works on Pink Channel also. <br> <br>     https://be.2ch.net/ <br>     https://be.bbspink.com/ </dd>
- We installed a new update to BE today.
+=== Android用メッセンジャーアプリ公開 ===
+  <dt> 1 ：<font color="green"><b>Code Monkey ★</b></font>：2014/07/24(木) 23:04:22.60 ID:???0</dt><dd>     Push notifications! <br> <br>     Live chatting! <br> <br>     All on your Android. <br> <br>     Free. Wow! <br> <br>     https://play.google.com/store/apps/details?id=com.rqi.bemessenger&hl=ja </dd>
- The new update will likely have bugs in it.
- If you find a bug, please tell me.
- New features in the update:
- * Updated user interface
- * Optimized for mobile viewing
- * Private Messaging
- * HTTPS SSL is now available
- * BE now works on Pink Channel also.
- https://be.2ch.net/
-  https://be.bbspink.com/
 ==関連リンク==
@@ 52行目: / 43行目: @@
 *[http://maguro.2ch.net/test/read.cgi/poverty/1396694721/ 【悲報】2ちゃんねるにXSSの脆弱性発見される]
 *[http://fox.2ch.net/test/read.cgi/poverty/1402548897/ New BE Update!]
+*[http://fox.2ch.net/test/read.cgi/poverty/1406210662/ BE messenger app for Android.]
 *旧BEの資料: [[BE＠2ch掲示板]]