ibProArcade v2.7.2+ coming (https://vborg.vbsupport.ru/showthread.php?t=279033)

BirdOPrey5 02-23-2012 07:15 PM

Quote:

Originally Posted by MentaL (Post 2302745)
injection on arcade.php. Allowed a user to gain the MD5 and salt of any user it requested. Best way to check if you are infected is to search for the following in your logs

Code:

Arcade&do=stats&comment=a&s_id=

If you find injection then follow it up.

For those not as tech minded it means a hacker could crack the password for any user on your site.

It would be a good idea to change the passwords of all admin accounts on your site if you had this mod installed.

viper357 02-23-2012 07:21 PM

Quote:

Originally Posted by MentaL (Post 2302745)
injection on arcade.php. Allowed a user to gain the MD5 and salt of any user it requested. Best way to check if you are infected is to search for the following in your logs

Code:

Arcade&do=stats&comment=a&s_id=

If you find injection then follow it up.

Sorry for the noob question but which logs must we look at and where do we find them? Thanks.

MentaL 02-23-2012 07:47 PM

Quote:

Originally Posted by viper357 (Post 2302756)
Sorry for the noob question but which logs must we look at and where do we find them? Thanks.

web server logs, cpanel users can find them in /home/username/logs
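
One way to run the log check described above over web server access logs, as an added example that is not part of any post in this thread: it URL-decodes each request so encoded variants of the quoted string also match, and groups hits by client IP. The sample lines, IP addresses and the `act=` parameter name are constructed for illustration; only the indicator string comes from the thread.

```python
import gzip
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Indicator quoted in the thread; compared case-insensitively after URL-decoding.
INDICATOR = "arcade&do=stats&comment=a&s_id="

# Apache "combined" access-log line: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def scan_lines(lines):
    """Return {client_ip: [(timestamp, status, request), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format access line
        # Decode twice so %26 and double-encoded %2526 both become '&'.
        decoded = unquote_plus(unquote_plus(m["req"])).lower()
        if INDICATOR in decoded:
            hits[m["ip"]].append((m["ts"], int(m["status"]), m["req"]))
    return dict(hits)

def scan_file(path):
    """Scan one log file; rotated logs ending in .gz are read transparently."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        return scan_lines(fh)

# Constructed sample lines (documentation IPs, placeholder values), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [22/Feb/2012:10:01:02 +0000] "GET /arcade.php?act=Arcade&do=stats&comment=a&s_id=PLACEHOLDER HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [22/Feb/2012:10:01:09 +0000] "GET /arcade.php?act=Arcade%26do=stats%26comment=a%26s_id=PLACEHOLDER HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.4 - - [22/Feb/2012:10:02:00 +0000] "GET /arcade.php?do=play&gameid=3 HTTP/1.1" 200 9001 "-" "-"',
    '198.51.100.9 - - [22/Feb/2012:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "-"',
]

if __name__ == "__main__":
    for ip, entries in scan_lines(SAMPLE).items():
        print(ip, len(entries), "matching request(s)")
        for ts, status, req in entries:
            print("   ", ts, status, req)
```

A hit records that a matching request was made and what status the server returned; the timestamps and client IPs give the starting point for the follow-up the thread recommends.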

Schoelle 02-23-2012 07:49 PM

Thanks MentaL.
No entries in my logs.

garyb12001 02-24-2012 04:06 PM

Any updates as to when the new version might be released? Thanks!

Mark.B 02-24-2012 10:37 PM

Once again we have no updates to a critical modification. Mr Zeropage implies that the update is with vBulletin.org staff for verification. Could we at least have an update regarding timescales? If there's an issue then fair enough, but as usual with vb these days, we are simply left in the dark.

PossumX 02-25-2012 01:02 AM

Anxiously awaiting update :) Customer of mine is having a coronary over this, more so, his members ...

Mark.B 02-25-2012 12:47 PM

It would be nice for someone to update us on what on Earth is going on here.

I am not criticising the mod author here incidentally.

A statement has been made telling us to pull the most popular modification by many multiples. This then cripples many of our sites, or puts us at risk of being hacked.

A further statement is made stating that a patch has been made and will be released within 24 hours.

Two and a half days later - no patch, no further statement, abject silence from everyone.

If there's a delay in the patch because an issue has been found, then fine - but please tell us.

Instead, it seems everyone is content to hammer further nails into the coffin of forums, many of whom are already losing members to Facebook hand over fist.

We all gave our members an update and now WE look like we're the ones ignoring THEM, because vbulletin.org is ignoring US.

I am not complaining about the lack of a patch - I am complaining about the lack of updates.

durruti 02-25-2012 02:54 PM

Quote:

Originally Posted by MentaL (Post 2302769)
web server logs, cpanel users can find them in /home/username/logs

Noob question, I can't really find what you're referring to but are you referring to Raw Access Logs?

BirdOPrey5 02-25-2012 04:06 PM

There was an SQL injection exploit identified for this mod.

After confirming it I quarantined the mod.

I have discussed the exploit with the mod author and am waiting for him to upload a fixed version.

I am keeping a close eye on this and hope to approve the update as quickly as I can once I get it.

