vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.7 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=228)
-   -   Miscellaneous Hacks - Cyb - Login To User Account (https://vborg.vbsupport.ru/showthread.php?t=177947)

Gsmdenis 04-09-2009 03:38 PM

Confirm the bugs. Hope Cybernetec fixes that soon :-)))))

Golzarion 04-09-2009 05:05 PM

I mentioned this and gave the warning on 14 Jan 2009, 00:48:

https://vborg.vbsupport.ru/showpost....7&postcount=12

This plugin has many bugs! Especially when you use vbseo or some kind of rewrite_mods!!

It seems somehow funny! Because an Administrator uses this plugin to log in to a user account and read private messages and so on... BUT the Administrator causes his/her own account to be "hijacked" first! And makes an unwanted dangerous bug in his/her own forums!!

Phobos49 04-09-2009 05:30 PM

I am still wondering why this 3.7 version is not already in the graveyard like the 3.8 version. :mad:

This version has the same severe security bug!!! :(

Send it to the graveyard at once and inform every user of this addon by email to deactivate it like you did this morning with the 3.8 version!

How long are you going to wait? Until many users complain that their forums have been nuked?! :confused:

Come on! It's never been easier than today to get full control over a foreign vB by just modifying your browser's URL! :mad:

jesus likes pie 04-09-2009 07:34 PM

Is this safe without an SEO?

Phobos49 04-09-2009 08:01 PM

Quote:

Originally Posted by jesus likes pie (Post 1787619)
Is this safe without an SEO?

NO! It does not matter if you have SEO installed or not. In both cases any account in your forum can be hijacked as long as you don't disable this AddOn.

jesus likes pie 04-09-2009 08:53 PM

Okay, I think this should fix it.

Try it out and see if you can still exploit it.

note: the attached plugin originates from the 3.8 version which is now in the graveyard, but it should probably work for 3.7 as well :)

edit: er, apparently vBulletin doesn't prompt you to overwrite plugins which is kinda lame (heh, been a while since I've uploaded plugins rather than products).

You should delete "Cyb - Login To User Account - MI" and then upload my attachment.

TheCatcher 04-14-2009 10:34 AM

Thx for Version 2.3 (re-installed) :-)

NolF 04-14-2009 10:59 AM

Awesome, thanks for the update :D

wfouly 04-14-2009 11:11 AM

many thanks
Installed and working well with 3.8.2

Sixpackmark 04-14-2009 01:33 PM

Thanks again! Re-installed


All times are GMT.