vb.org Archive

Urgent: XSS vulnerability in RC 2, 3 & 4 - fix available! (https://vborg.vbsupport.ru/showthread.php?t=61537)

Xenon 03-14-2004 11:48 AM

just compare the old init.php to the new one and add the changes to your hacked one :)

djohn 03-14-2004 12:19 PM

Is there any special software to do this?

Xenon 03-15-2004 01:23 PM

as mentioned on vbulletin.com

Beyond Compare by ScooterSoftware for example

NTLDR 03-18-2004 02:12 PM

Two more files have XSS issues in them (forumdisplay.php and showthread.php). Patched versions can be found here http://www.vbulletin.com/forum/showp...94&postcount=4

Sebastian 03-18-2004 03:32 PM

wow lame. every single released vb3 version has had a security patch. i left phpbb due to security holes for nothing :P

that's what happens when you use those stupid 'globalize' arrays... thanks to those that run a server with register globals.. gg.

Dean C 03-18-2004 05:11 PM

Well the globalize does its best to clean data - it can only do so much though. Bear in mind the gold and first main release has not been released so you installed the betas and release candidates at your own risk :) A security audit has been done in vB3 so you should see a lot less after gold :)

Gio Takahashi 03-18-2004 07:32 PM

Quote:

wow lame. every single released vb3 version has had a security patch. i left phpbb due to security holes for nothing :P

that's what happens when you use those stupid 'globalize' arrays... thanks to those that run a server with register globals.. gg.

Well vB3 was still in its beta. It's something that is really expected. After gold it's rare.

Sebastian 03-18-2004 08:10 PM

Quote:

Originally Posted by Dean C
A security audit has been done in vB3 so you should see a lot less after gold :)

nice audit.. it was done a few weeks ago and they just found this hole ;)

Link14716 03-18-2004 09:32 PM

They never said they completed the audit, now did they? ;)

Brad 03-18-2004 09:38 PM

Bugs will always be found, no reason to get worked up over it.

