vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.5 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=113)
-   -   Zip Attachments (https://vborg.vbsupport.ru/showthread.php?t=100933)

FleaBag 11-16-2005 04:51 PM

Yeah this is nice!

puertoblack2003 11-16-2005 05:14 PM

love it ******INSTALLED**********

Snake 11-16-2005 06:25 PM

Nice!

theArchitect 11-16-2005 08:22 PM

Quote:

Originally Posted by Jafo232
There really isn't one. Your users currently have the right to upload zip files I assume? If so, there really is no difference.

You are correct that this hack is not a security risk as most forums will allow the uploading of .zip files.

I think what OK was saying was that .zip files in general can be a security risk. Just as when you get a virus e-mail with a .zip file in it and the recipient thinks, "what is in the .zip file". They open it and hey presto a virus leaps out at them.

akanevsky 11-16-2005 10:29 PM

Where did you get this version of zip.lib.php from?

Jafo232 11-16-2005 11:59 PM

Quote:

Originally Posted by Psionic Vision
Where did you get this version of zip.lib.php from?

http://www.weberdev.com/get_example-4066.html

akanevsky 11-17-2005 12:27 AM

Quote:

Originally Posted by Jafo232

Thanks :)

silurius 11-17-2005 12:44 AM

Based on what I am reading in this thread, my assumption is that this hack does not actually look at the file types being uploaded prior to zipping them up into an archive? Even if this is true it's still a great hack.

I still think some overview of general .zip security considerations may be in order, even if this particular hack doesn't fundamentally alter anything.

Jafo232 11-17-2005 04:39 AM

Quote:

Originally Posted by silurius
Based on what I am reading in this thread, my assumption is that this hack does not actually look at the file types being uploaded prior to zipping them up into an archive? Even if this is true it's still a great hack.

I still think some overview of general .zip security considerations may be in order, even if this particular hack doesn't fundamentally alter anything.

That may be the case, but unless your unzip utility is a trojan, unzipping files will not cause you to be infected.

If you already allow the zip extension, then this extension is for you; otherwise, wait until I release the version that scans files for viruses.

Jafo232 11-17-2005 04:43 AM

Quote:

Originally Posted by silurius
Based on what I am reading in this thread, my assumption is that this hack does not actually look at the file types being uploaded prior to zipping them up into an archive?

The unmodified version of XB does not check file types IN a zip file, but yet accepts them.
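
The gap raised in the posts above (file types inside a .zip are not checked) can be closed by reading the archive's member list and comparing each extension with the forum's allowed attachment extensions. The following is an added example, not code from the Zip Attachments add-on, zip.lib.php or vBulletin; the function name, the `$allowed` list and the sample archive are assumptions constructed for illustration.

```php
<?php
/**
 * Return the names of zip members whose extension is not in $allowed.
 * Only the archive's directory is read; nothing is extracted.
 * (Hypothetical helper, not part of any vBulletin API.)
 */
function disallowed_zip_members(string $zipPath, array $allowed): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("not a readable zip: $zipPath");
    }
    $rejected = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || substr($name, -1) === '/') {
            continue; // unreadable entry or directory entry
        }
        // Members with no extension yield '' and are rejected as well.
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowed, true)) {
            $rejected[] = $name;
        }
    }
    $zip->close();
    return $rejected;
}

// Constructed sample archive: two ordinary files, one executable, one nested zip.
$sample = tempnam(sys_get_temp_dir(), 'zipchk');
$zip = new ZipArchive();
$zip->open($sample, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('notes/readme.txt', 'hello');
$zip->addFromString('photo.JPG', 'constructed placeholder bytes');
$zip->addFromString('setup.exe', 'constructed placeholder bytes');
$zip->addFromString('inner.zip', 'constructed placeholder bytes');
$zip->close();

// Assumed allowlist standing in for the forum's permitted attachment extensions.
$allowed = ['txt', 'jpg', 'gif', 'png'];
print_r(disallowed_zip_members($sample, $allowed));
unlink($sample);
```

The check is name-based only: it compares extensions and does not inspect member content or look inside nested archives, which is why `inner.zip` is rejected outright here.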


All times are GMT.