Quote:
I tested with custom usergroups and it seems to be working fine... |
Problem solved! Thanks
|
Quote:
|
WARNING
Hi, this script is currently NOT safe. A bot searched a dozen times for a malicious phrase and got a JavaScript redirect to load when the top searches were displayed. Luckily it was just a redirect that can easily be removed. I would disable search logging or fix the software ASAP lest someone with a lot more evil intentions starts poking around. |
Quote:
Many thanks for your interest, but I don't know how you consider this to be not safe, as tags are removed when listing queries on forumhome. Notice this code snippet, taken from the product: PHP Code:
I see that this is enough to trim any malicious code, as JavaScript tags are removed before being listed on the page. To understand what I'm saying, please try to search for Code:
<script, language="javascript">alert('hello');</script>
Thanks for your interest again, and looking forward to hearing from you :) Regards Mahmoud |
It is unsafe, I got hacked, and this link http://www.aktifmadde.com/hacked.html replaced my forumhome. I searched my tables, and found it in the coder_search table. See the attached images.
|
Quote:
|
I read that post, but I don't get what you are saying... I did get hacked through this product... are you saying it's something I did wrong? :)
|
Quote:
|
It was definitely in the search results code, unmodified, as I downloaded it two weeks ago. As soon as I deleted that one entry, the redirect stopped.
I wish I saved a snapshot of the code before I deleted it. It wasn't simply a Javascript tag that they posted. The link that displayed actually looked something like this: '''''""">>>>>>''>>. Whatever complicated string they fed in, it survived the code stripping process. I don't believe that strip_tags() on its own can sufficiently clean the input to stop all attacks. Everything I'm reading now suggests that you should run htmlspecialchars() afterwards. There have been a number of vulnerabilities where strip_tags() misses an embedded tag OR the browser will auto-correct a malformed tag. For example, last year there was a bug where strip_tags() would ignore <0script> but Internet Explorer would filter out the zero for some reason. That's not happened in this case, but it may have been something similar. |
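An added illustration of the point made in the post above (not part of any post in this thread and not the mod's code): strip_tags() removes tags but leaves quotes and stray brackets untouched, while htmlspecialchars() with ENT_QUOTES encodes them. The render_link_*() functions, the link template and the sample terms are hypothetical and constructed for this example.

```php
<?php
// Added illustration; render_link_*() and the link template are hypothetical,
// not taken from the mod.

// Constructed sample search terms (no working payload is needed to see the gap).
$samples = [
    'plain search',
    '<b>bold</b> term',
    '\'\'\'""">>>\'\'>>',      // quote/bracket debris like the string described above
    'term" data-x="1',         // one double quote is enough to end an attribute value
];

// Pattern under discussion: tags are stripped, nothing is encoded.
function render_link_stripped(string $q): string
{
    $q = strip_tags($q);
    return '<a href="search.php?q=' . $q . '" title="' . $q . '">' . $q . '</a>';
}

// Hardened: encode for the output context at display time.
function render_link_encoded(string $q): string
{
    $text = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $url  = rawurlencode($q);   // URL component: percent-encode everything unsafe
    return '<a href="search.php?q=' . $url . '" title="' . $text . '">' . $text . '</a>';
}

// Which HTML metacharacters of the stored term reach the page unencoded?
function surviving_metachars(string $term, callable $filter): array
{
    $out = $filter($term);
    return array_values(array_filter(
        ['<', '>', '"', "'"],
        fn (string $c): bool => strpos($out, $c) !== false
    ));
}

foreach ($samples as $s) {
    $raw = surviving_metachars($s, 'strip_tags');
    $enc = surviving_metachars($s, fn ($v) => htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    printf("%-22s strip_tags leaves [%s]  htmlspecialchars leaves [%s]\n",
        $s, implode(' ', $raw), implode(' ', $enc));
    echo '  stripped: ', render_link_stripped($s), "\n";
    echo '  encoded:  ', render_link_encoded($s), "\n";
}
```

Encoding at display time also neutralises rows that were stored before the fix, which matters when entries are already sitting in the search table.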
That's the same site that got me!
Here's my forum_complete: Code:
$allowed_groups = @explode(",", $vbulletin->options['setting_searchstats_showgroups']); |
Looking at the code in 4x4 Mecca's screenshot, I think that htmlspecialchars() could fix the problem by replacing those brackets with &lt; and &gt;
|
Sorry!!!!!!
Indeed, the MOD is not safe for all. I removed the attachment & updated the thread..... |
Bad thing, I really enjoyed this great MOD!
Will you update the MOD soon? |
Great MOD!
I hope that you will fix it soon! :) |
I have removed the code from FORUMHOME and deleted the product. What file deletions should I make? Are there any other steps to removing this mod completely?
|
I would love to see this fixed/updated
|
Would be great if we can get this back! I marked it as one to install (but never downloaded it).
-vissa |
If this isn't going to be fixed, can it at least be moved to the graveyard?
|
A question, brother Muhammad: when will a secured version of this hack be released?
Thank you for your generous efforts, may God reward you. |
Where can I download this mod?
|
Werd, also looking for the download.
|
Looks like the mod has been abandoned after the VB guys removed it. Are there any updates?
|
thanks
|
Will that mod be available for download soon?
|
Is there any alternative mod to track vB searches until the files are restored for this mod?
|
How many queries does this do on the Forumhome and in the admin CP?
|
Files are gone? Whyz. :(
|
Damn! Need this mod!!!!!!!!!
|