vbulletin 3.8.6 cookie security hole


Mihemed Ş?yar
01-07-2012, 06:51 PM
Hi.
HTML code on my web site has been closed.
but,

one

write on my site.
smile and exit,

if I enter the http://46.20.2.51/%7Esecurity/vbulletin/smile.php

See the picture

this one is open,
how to shut down

https://vborg.vbsupport.ru/external/2012/01/55.jpg


look
wrote the code,
vbulletin.com has the security error.

kh99
01-07-2012, 07:14 PM
I don't understand what the problem is. It could be because I can't read whatever language that is in the picture.

Lynne
01-07-2012, 07:28 PM
That is like an htaccess protection popup. Someone has protection on the directory where the site or image is located.

Mihemed Ş?yar
01-07-2012, 07:35 PM
Sorry,
My English is very bad,

Now,
Please [IMG]http://46.20.2.51/%7Esecurity/vbulletin/smile.php[/IMG ] write your web site . [/IMG ] delete the space

kh99
01-07-2012, 07:59 PM
So are you saying that it's a security hole because that popup might trick people into entering their vbulletin password?

Mihemed Ş?yar
01-07-2012, 08:33 PM
No...

1: https://vborg.vbsupport.ru/external/2012/01/7.gif My message

2:

This is not a pic. It is a .php file.


https://vborg.vbsupport.ru/external/2012/01/54.jpg

kh99
01-07-2012, 08:36 PM
Sorry, I still don't get it. It just seems like you've linked to a file that's password-protected by your web server. If there's something else going on, I don't understand.

It could be that I just don't understand enough about security holes to know what you're saying, but maybe someone else will.

Paul M
01-07-2012, 09:32 PM
I think all they are saying is someone linked to a php file using an IMG tag.

I've removed the links from this thread as the pop-up was annoying.

Max Taxable
01-07-2012, 11:09 PM
I think all they are saying is someone linked to a php file using an IMG tag.

I've removed the links from this thread as the pop-up was annoying.

And since there was no way to read the source code, no real way to tell what all was in the file.

kh99
01-08-2012, 12:06 AM
And since there was no way to read the source code, no real way to tell what all was in the file.

OK, but how is that a security hole (and what does it have to do with cookies)? Maybe if they are saying that someone was able to upload a php file as an image, then run it by putting it in an IMG tag? (No, that doesn't make sense, you could run it without the img tag).

Max Taxable
01-08-2012, 01:06 AM
OK, but how is that a security hole (and what does it have to do with cookies)? Maybe if they are saying that someone was able to upload a php file as an image, then run it by putting it in an IMG tag? (No, that doesn't make sense, you could run it without the img tag).

Yes, like you, I have no clue why it would be considered a "hole."