PDA

View Full Version : Prevent [IMG] tag in reputation posting / Flaw being exploited


jadkar
04-02-2006, 01:36 PM
Hello, I'm sure this is not a big deal and I'm hoping someone can let me know how to do this real quick because it's becoming a disaster.

I run a site with primarily kids on it. Someone discovered a flaw in vBulletin and have exploited it. Now 20-30 of these users are out of control and making a mess of the reputation system. I have disabled it for now, but I need to prevent them from doing this. Here's what's going on.......

They figured out when leaving "rep" for someone they can use the [IMG] tag in the comment. When they do they link to a photo that's super huge, like 8000x8000. Once this is done the poor user who received the "rep" can never load his "user CP", or it loads but takes forever. Each time this happens the only way for me to get rid of it is to actually go to the SQL database and do a search for the entry and delete it!!! There's no other way within the UserCP besides deleting all his/her "rep".

So yes, this is a mess. What I'm looking for is a way to just remove the ability of using the [IMG] tag when posting reputation.

Please help :(

Nathan2006
04-10-2006, 08:33 PM
Yes I would also like to know how to stop this.

I have in the past seen this and large pics ending up in members rep in the usercp :(

Is there anyway of stopping the [img] tags?

Dsyn11
04-11-2006, 12:08 PM
this is a fairly serious flaw and should be reported to vB bug tracker. If my members figure this out, I'll have to suspend the rep system as well. :(

Borgs8472
04-11-2006, 12:16 PM
I fixed this bug on my old forum, but I'm no longer a member there now and don't quite remember how I fixed it. If you ask at www.wordforge.net they should tell you.

Nathan2006
04-13-2006, 03:40 AM
I asked over at vb.com and Jake said: to ask over here ;)
I believe it shares this setting:

Admin CP -> vBulletin Options -> User Profile Options -> Allow [IMG] Code in Signatures

And I checked it and it does cut off the images but is there anyone that can help to just disable the [img] tags in the rep comments?

Thanks for any help :)

jadkar
04-16-2006, 12:21 AM
Nobody else :( On this entire site of people developing all sorts of stuff nobody has any idea??

shockx5
06-15-2006, 10:33 PM
I'm gonna have to bump this because my members on my site are exploiting this little flaw by posting grotesque porn (not pretty) and dead bodies and stuff.

Pretty serious...so any help is appreciated, and I only want [IMG] disabled for Reps.

peterska2
06-15-2006, 10:55 PM
I can get all BB code disabled for reps, I'm just checking if it affects things like smilies now.

peterska2
06-15-2006, 11:18 PM
Here we go, enjoy :)

https://vborg.vbsupport.ru/showthread.php?t=118715