vb.org Archive

Top 'X' Stats (https://vborg.vbsupport.ru/showthread.php?t=93065)

Delphiprogrammi 09-08-2006 01:23 PM

hi people,

I've changed this modification a bit and performed two tests on my own board. I tried an XSS attack (failed) and I tried a meta redirect (failed). Looks clean to me now.

georgedd 09-08-2006 04:50 PM

Well Delphiprogrammi, the original fix would have stopped the two attacks in your screenshots already. What I'm curious about is the reports that people are still getting hacked after applying the fix, yet no one has provided (via PM) an example of what the hacker used. Are the reports due to them not applying the fix correctly (not overwriting the buggy version somehow), or is there really still a hole?

Delphiprogrammi 09-08-2006 05:02 PM

Quote:

Originally Posted by georgedd
Well Delphiprogrammi, the original fix would have stopped the two attacks in your screenshots already. What I'm curious about is the reports that people are still getting hacked after applying the fix, yet no one has provided (via PM) an example of what the hacker used. Are the reports due to them not applying the fix correctly (not overwriting the buggy version somehow), or is there really still a hole?

Yeah, that's what I'd like to know too. Besides the XSS and the meta refresh exploits, no hole is known in this, but still people complain about being hacked, hmmmz.

chadlyou812 09-09-2006 12:12 PM

How do you limit what columns show up on topXstats.php? I just want Latest Replies to show.

Thanks

chadlyou812 09-09-2006 12:13 PM

Does this hack open up holes in a site? Is it secure?

SuperFly 09-09-2006 01:15 PM

It is now.

chadlyou812 09-09-2006 03:07 PM

Thanks for letting me know the hack is secure.

One more thing...

How do you limit what columns show up on topXstats.php? I just want Latest Replies to show.

Thanks

Shazz 09-09-2006 04:45 PM

Quote:

Originally Posted by chadlyou812
Thanks for letting me know the hack is secure.

One more thing...

How do you limit what columns show up on topXstats.php? I just want Latest Replies to show.

Thanks

There is already a module for "Latest Replies"

Mr. Blur 09-09-2006 11:07 PM

I try to import the product, both allowing overwrite and not allowing it, and get this every time:

XML Error: not well-formed (invalid token) at Line 1

yes i have the right version

geniuz14 09-10-2006 09:40 AM

if i wanted the top x stats table to appear under my shoutbox....instead of under the "whats going on box" how would i do so???plz reply :)

DementedMindz 09-10-2006 09:51 AM

Quote:

Originally Posted by Mr. Blur
I try to import the product, both allowing overwrite and not allowing it, and get this every time:

XML Error: not well-formed (invalid token) at Line 1

yes i have the right version


so erase the old one and install the new one

chadlyou812 09-10-2006 01:47 PM

Quote:

Originally Posted by Shazz
There is already a module for "Latest Replies"

I know but, I just want the Latest Replies to appear and not Top Posters and Newest Members. Basically, how do I edit what columns appear?

Thanks!

Karabaja 09-10-2006 02:47 PM

Hello everyone.

Any idea on how to add forum names next to latest thread?

I tried searching this thread but didn't find anything, sorry if I missed something.

It would be very useful to me, most of the times thread title doesn't clearly indicate in which section thread was posted so people check threads which they are actually not interested in.

I've seen it done on one board so I guess it must be possible.

Delphiprogrammi 09-10-2006 03:16 PM

Quote:

Originally Posted by chadlyou812
I know but, I just want the Latest Replies to appear and not Top Posters and Newest Members. Basically, how do I edit what columns appear?

Thanks!

you cannot do that without "heavy" editing the source code

geniuz14 09-10-2006 06:04 PM

could anyone plz tell me how to move the whole box to be just under my shout box? anyone???

DementedMindz 09-10-2006 06:06 PM

Move the code that you put in your forum template.

Karabaja 09-10-2006 06:33 PM

Quote:

Originally Posted by geniuz14
could anyone plz tell me how to move the whole box to be just under my shout box? anyone???


You just move

Code:

<if condition="$show['topXstats']">
$topXstats
</if>

anywhere you want it displayed in your forumhome template.

geniuz14 09-11-2006 12:42 PM

thats just it though..im useless with templates...could u possibly direct me to where exactly i should post it?

Karabaja 09-11-2006 01:59 PM

Well, I don't have the shoutbox installed so I am not sure what the code for it is in the forumhome template, but you'll spot it easily; it will mention shoutbox. Just go to the style manager, open the forumhome templates, then a template called forumhome. Find that code for topxstats I wrote earlier and move it to the top of the template. You'll see on top something like:

$header
$navbar

somewhere under it should be a shoutbox code, and you can add topxstats under that shoutbox code if that's where you want to display it.

roe 09-15-2006 07:13 AM

Quote:

Originally Posted by chadlyou812
I know but, I just want the Latest Replies to appear and not Top Posters and Newest Members. Basically, how do I edit what columns appear?

Thanks!

i edited the xml file. i deleted the tables for the top posters and newest members and it seems to work just fine.

http://forum.realmofexcursion.com

Lance Carbuncle 09-15-2006 04:59 PM

My site has been hacked. I was running Top X, amongst other hacks. I have uninstalled it, but am not sure if this was how the site was hacked, or what to do to get it back. The index pages for my forum, and photopost, and photopost classifieds all show the hacker's page. Unfortunately, I am not well versed at this stuff and could really use some help getting my site back... Could someone PM me or reply please? At least let me know if the hack on my site was from running Top X, or I have another problem....

If the site is visited from anywhere but the index page, everything works fine

http://www.forums.repashy.com/cmps_index.php

my site: http://www.forums.repashy.com/



Sincerely, Lance

UPDATE.... I re-uploaded my index pages and everything SEEMS normal... Is this all I needed to do? .... Sorry I am such a moron, but I could use the peace of mind from someone to let me know if that's all I need to do.......

UPDATE 2 .... I have figured out that the index page of every subdomain has been hacked. These are outside vBulletin's folder.... might be unrelated to this hack vulnerability and just a coincidence.... anyone?

UPDATE 3... Well, after hours on my site I figured out it was unrelated to this hack and actually a critical vulnerability in flashchat..... if you are running that script, make sure you check it out. No message was sent out by the author, even though it is a paid script and the support forum on the site is flooded with info on it.....

Lance

whitesoxzone 09-17-2006 03:19 AM

hi guys, my mod. seems to work fine. I did both step 1 and 3. but i didn't do step 2: 2) Upload topXstats.php to your forums directory. Is that okay? will it work fine without doing that. also, if I really have to do that, what exactly do I do? Thanks guys.

SuperFly 09-17-2006 03:12 PM

using ftp or uploading program, upload it to your main forum directory, with index.php in it. You need to for it to work.

RFViet 09-20-2006 04:33 PM

Quote:

Originally Posted by RFViet
it's showing weird characters like 7&###&98

Here is the problem with language
Anyone knows how to fix ???

Shazz 09-21-2006 12:36 AM

English PleasE?

RFViet 09-21-2006 12:44 AM

Quote:

Originally Posted by Shazz
English PleasE?

Did I write in other language ??

ngocha85 09-22-2006 04:06 AM

this hack is very bad with Unicode!

Apfelfrucht 09-24-2006 09:05 PM

Hello,

I've installed this hack successfully and I'd like to ask 2 questions:
1. How to not display the "Administrators and Moderators" nicknames on "Top Posters" ?

2. Is it possible to have some "Top Posters only from the Week Beginning", i mean to display only the Top Poster Person who makes some messages from "Sunday to Monday" and not displaying the entire messages from the Registration of that Top Poster Person. Is it possible and how ?

Thanks in advance.

desiforums 10-04-2006 07:42 PM

can you tell me how can i put this on the top instead of bottom...
When i installed it, the state is at the bottom of the forum can you tell me how can i put it on the top of the forum. thanks...

bigmonay2k 10-04-2006 09:13 PM

this work with 3.6.1??

desiforums 10-04-2006 09:55 PM

ya worked for me

desiforums 10-04-2006 09:56 PM

but i want to know how can put it on the top of the forum its at the bottom anyone knows????

Shazz 10-04-2006 10:57 PM

Quote:

Originally Posted by desiforums
but i want to know how can put it on the top of the forum its at the bottom anyone knows????

In your "navbar" template
Add to the very bottom
PHP Code:

<if condition="$show['topXstats']">
$topXstats
</if>

-Hope it works :)

cbr929rrerion 10-07-2006 07:04 PM

this is STILL a security risk..

Forum was redirected again today...

Yes I have the newest version and it still is insecure..

DementedMindz 10-07-2006 07:07 PM

Quote:

Originally Posted by cbr929rrerion
this is STILL a security risk..

Forum was redirected again today...

Yes I have the newest version and it still is insecure..


report it and have the admins look at it.

murrtex 10-07-2006 08:14 PM

Quote:

Originally Posted by cbr929rrerion
this is STILL a security risk..

Forum was redirected again today...

Yes I have the newest version and it still is insecure..


delete and forget this hack..

and try this
https://vborg.vbsupport.ru/showthread.php?t=122986

be sure you will be glad ;)

Shazz 10-07-2006 08:26 PM

I can't figure out how the crap people redirect this?!!
I'm removing it :(

Paul M 10-07-2006 09:32 PM

Quote:

Originally Posted by DementedMindz
report it and have the admins look at it.

I had a look at this tonight.

If this is installed from scratch then it cannot be exploited.

However, because of the way the fix has been implemented - it is possible that it may still be exploitable if someone updated their older version to the new code, and they had customised the templates, but did not revert or re-edit those templates.

This is because the older versions used $getstats_thread[title], the fix uses $getstats_thread[titletrimmed] - but the old variable is still available, and if displayed by an old template, will still cause a redirect.

The best workaround to this is to make sure you revert any old topXstats templates. The author should fix this properly by making sure that the old variable $getstats_thread[title] is either removed, or also made 'harmless' by using htmlspecialchars().
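
The gap Paul M describes above, sketched as an added example that is not part of the thread or the add-on's own code: only the keys `title` and `titletrimmed` come from the post, while the function names, the 30-character trim and the sample data are assumptions. It shows that escaping only the new key leaves an old customised template printing raw markup, and that escaping both keys, plus a check for templates that still print the old variable, closes it.

```php
<?php
// Added illustration, not the add-on's code. Only the keys 'title' and
// 'titletrimmed' come from the thread; all function names are hypothetical.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed shape of the partial fix: an escaped key is added, but the raw
// 'title' key stays available to any template that still prints it.
function partial_fix(array $row, int $max = 30): array
{
    $row['titletrimmed'] = esc(substr($row['title'], 0, $max));
    return $row;
}

// What Paul M asks for: the old key is made harmless as well.
function full_fix(array $row, int $max = 30): array
{
    $row = partial_fix($row, $max);
    $row['title'] = esc($row['title']);
    return $row;
}

// Audit check: does a template still print the old variable?
function uses_old_variable(string $tpl): bool
{
    return preg_match('/\$getstats_thread\[\s*[\'"]?title[\'"]?\s*\]/', $tpl) === 1;
}

// Stand-in for template rendering: substitute the two variables.
function render(string $tpl, array $row): string
{
    return strtr($tpl, [
        '$getstats_thread[title]' => $row['title'],
        '$getstats_thread[titletrimmed]' => $row['titletrimmed'],
    ]);
}
// Constructed sample data: a title carrying markup, and two templates.
$row = ['title' => '<meta http-equiv="refresh" content="0;url=https://example.invalid/">Hi'];
$old = '<a href="showthread.php?t=1">$getstats_thread[title]</a>';
$new = '<a href="showthread.php?t=1">$getstats_thread[titletrimmed]</a>';
foreach (['partial_fix', 'full_fix'] as $fix) {
    foreach (['old' => $old, 'new' => $new] as $name => $tpl) {
        $raw = strpos(render($tpl, $fix($row)), '<meta') !== false;
        printf("%-11s %s template: %s\n", $fix, $name, $raw ? 'raw markup emitted' : 'escaped');
    }
}
printf("old template flagged: %s\n", var_export(uses_old_variable($old), true));
```

Running `uses_old_variable()` over each customised topXstats template identifies the ones that need reverting, which is the workaround given in the post.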

DementedMindz 10-07-2006 10:20 PM

Yeah, I haven't had a problem, Paul, since the fix, but others are claiming they are, so I told them to report it if so.

apdcanari 10-08-2006 03:17 PM

Hello,

Thread preview, it is possible (lasts threads) ?

Tks,

Cédric ;)

