vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vbBux / vbPlaza (https://vborg.vbsupport.ru/forumdisplay.php?f=171)
-   -   vbBux / vbPlaza v1.5.8 has been released! (https://vborg.vbsupport.ru/showthread.php?t=121138)

Detomah 02-06-2007 08:52 PM

Quote:

Originally Posted by CMX_CMGSCCC (Post 1176104)
Unfortunately my real job has had me in shambles as of late, too many games to make cheat codes for, and other projects at work. So I haven't had much time for vbBux / vbPlaza.

I am, however, working on a v2 version with a much more cleaned up coding engine, as well as a crapload of new features, items for purchase in the vbPlaza.

But as far as a release goes, I'm not sure, I've started it a little at the www.vbplaza.com URL, but I'm not sure the url is public as of yet either, due to it still having a bit that needs completing. (I'd say it's about 75% finished currently.)

I hope to try and finish it up soon, but I honestly can't give an accurate ETA as of yet. I apologize for the inconvenience, but I can also assure u, it will be worth the wait.

ALSO: I've been away for a while and noticed a ton of posts about the v1.5.8. I do not have time to reply to every single post, and with the amount of rewrite that has occurred in the v2 version I am currently working on, it would be even more time involving to check on every problem as the problem may not exist anymore in the v2 version I'm writing. I apologize for any inconvenience this may cause.

-CMX

I for one fully appreciate the pressure and stresses of real life outside of this stuff that you and probably many others, including myself go through all too often and I appreciate the time you've given up to create vbplaza and everything you have done to date and know you will continue to improve it again once time becomes available to you.

However, in the meantime, myself and probably every single other person who has the vbplaza hack installed would seriously appreciate you even more, if you would be willing to sacrifice a little time to find out exactly what the current exploits with vbplaza are and releasing a fix for them as quickly as you possibly can, so that we may continue to use this superb hack without fear of our sites being exploitable. I would personally even go so far as to make a generous donation to you via paypal for such a service, as vbplaza has become an essential part of my website.

WhyDoesItMatter 02-06-2007 09:29 PM

Quote:

Originally Posted by CMX_CMGSCCC (Post 1176016)
Tell me how it's being exploited and then I can release a fix for it.

I mean, I'm the creator of the addon. (PM me the details.)

-CMX

Omg you're back! Welcome back! Wow so shocked to see you, yet so happy.. woohoo

Deimos 02-06-2007 09:37 PM

Good to see ya back CMX

Acers 02-07-2007 02:31 AM

Quote:

Originally Posted by Acers (Post 1175961)
here is a temporary fix, i have tested this locally only for the donate function and its working as far as this exploit goes, and since the same logic can be taken for other places where its used we can replace there

go to your vbplaza folder, find occurrences of the following:
includes/function_vbplaza.php
find around line 152(depending on the version you have)

PHP Code:

$message = strip_tags($message); 

make that
PHP Code:

$message = htmlspecialchars($message); 

go to
vbplaza/action.admindonate.php (line 133)
PHP Code:

$action['reason'] = strip_tags($action['reason']); 

make that
PHP Code:

$action['reason'] = htmlspecialchars($action['reason']); 


goto
vbplaza/action.changeotherusertitle.php (line 136)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 

make that
PHP Code:

$newusertitle_stripped = htmlspecialchars($newusertitle); 


goto
vbplaza/action.changeusertitle.php (line 87)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 

make that
PHP Code:

$newusertitle_stripped = htmlspecialchars($newusertitle); 


goto
vbplaza/action.donate.php (line 164)
PHP Code:

$action['reason'] = strip_tags($action['reason']); 

make that
PHP Code:

$action['reason'] = htmlspecialchars($action['reason']); 




goto
vbplaza/action.gift.php (line 209)
PHP Code:

$action['giftmessage'] = strip_tags($action['giftmessage']); 

make that
PHP Code:

$action['giftmessage'] = htmlspecialchars($action['giftmessage']); 


goto
vbplaza/action.ribbons.php (line 218)
PHP Code:

$action['ribbonmessage'] = strip_tags($action['ribbonmessage']); 

make that
PHP Code:

$action['ribbonmessage'] = htmlspecialchars($action['ribbonmessage']); 


Just changes the php function with vb's own cleaning class.

includes/function_vbplaza.php(line 152)

PHP Code:

$message = strip_tags($message); 

make that
PHP Code:

$message = $vbulletin->input->clean($message, TYPE_NOHTML); 

go to
vbplaza/action.admindonate.php (line 133)
PHP Code:

$action['reason'] = strip_tags($action['reason']); 

make that
PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 


goto
vbplaza/action.changeotherusertitle.php (line 136)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 

make that
PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.changeusertitle.php (line 87)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 

make that
PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.donate.php (line 164)
PHP Code:

$action['reason'] = strip_tags($action['reason']); 

make that
PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 




goto
vbplaza/action.gift.php (line 209)
PHP Code:

$action['giftmessage'] = strip_tags($action['giftmessage']); 

make that
PHP Code:

$action['giftmessage'] = $vbulletin->input->clean($action['giftmessage'], TYPE_NOHTML); 


goto
vbplaza/action.ribbons.php (line 218)
PHP Code:

$action['ribbonmessage'] = strip_tags($action['ribbonmessage']); 

make that
PHP Code:

$action['ribbonmessage'] = $vbulletin->input->clean($action['ribbonmessage'], TYPE_NOHTML); 


rjmjr69 02-07-2007 04:59 AM

Well its great the author is back. I look forward to seeing version 2.0 real soon I hope. I too am willing to make a nice donation if it gets things done a bit faster....

sim tech 02-07-2007 05:19 AM

This is one of the most popular mods on my board as well.

wilburshere 02-07-2007 05:41 AM

excellent ill keep it disabled until v2 comes out

this mod was a huge feature on my sites as well

BTW welcome back we did miss you

Zia 02-07-2007 08:30 AM


Where Have u been for a long time ?

We r waiting for the fix...

thnx

Shazz 02-07-2007 12:45 PM

You all welcome back CMX_CMGSCCC for a FIX and not actually just giving him time to do so.

xchewbaka 02-07-2007 06:03 PM

Thank you Acers for your work :-)

really good job, works fine

da420 02-07-2007 06:40 PM

Quote:

Originally Posted by Zia (Post 1176643)
We r waiting for the fix...

Addiction is a terrible thing.

X-Files 02-08-2007 06:32 PM

Is this what we need to patch this? Can someone provide a definitive answer? I think this version at least needs a fix applied since we have no idea when v2 will be out.

Quote:

Originally Posted by Acers (Post 1176508)
Just changes the php function with vb's own cleaning class.

includes/function_vbplaza.php(line 152)

PHP Code:

$message = strip_tags($message); 

make that
PHP Code:

$message = $vbulletin->input->clean($message, TYPE_NOHTML); 

go to
vbplaza/action.admindonate.php (line 133)
PHP Code:

$action['reason'] = strip_tags($action['reason']); 

make that
PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 


goto
vbplaza/action.changeotherusertitle.php (line 136)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 

make that
PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.changeusertitle.php (line 87)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle); 

make that
PHP Code:

$newusertitle_stripped = $vbulletin->input->clean($newusertitle, TYPE_NOHTML); 


goto
vbplaza/action.donate.php (line 164)
PHP Code:

$action['reason'] = strip_tags($action['reason']); 

make that
PHP Code:

$action['reason'] = $vbulletin->input->clean($action['reason'], TYPE_NOHTML); 




goto
vbplaza/action.gift.php (line 209)
PHP Code:

$action['giftmessage'] = strip_tags($action['giftmessage']); 

make that
PHP Code:

$action['giftmessage'] = $vbulletin->input->clean($action['giftmessage'], TYPE_NOHTML); 


goto
vbplaza/action.ribbons.php (line 218)
PHP Code:

$action['ribbonmessage'] = strip_tags($action['ribbonmessage']); 

make that
PHP Code:

$action['ribbonmessage'] = $vbulletin->input->clean($action['ribbonmessage'], TYPE_NOHTML); 



fly 02-08-2007 06:52 PM

CMX, WHERE CAN I SEND DONATIONS TO? THANKS FOR COMING BACK!

silvermerc 02-08-2007 07:16 PM

Erm....I can't download it for some reason. The link to the thread is broken

zappsan 02-08-2007 07:26 PM

Welcome back, CMX :)

Quote:

Originally Posted by silvermerc (Post 1177822)
Erm....I can't download it for some reason. The link to the thread is broken

Yes, there was a security problem so the hack has been removed.

Shazz 02-08-2007 08:30 PM

Could have just closed the thread.
Now many people are going to be confused where to get the store

kjhkjh 02-09-2007 03:47 AM

Err... I want this hack, never installed it before, have seen the security threat mentioned, seems to be a fix a few posts above me... but does anyone know if a new version is coming out or if there is somewhere that I can download the current version from and fix it?

Thx

sinpeople 02-09-2007 01:39 PM

Never experienced this before. Anyone can tell typically how long such issue can be closed?

If it takes more than one month, maybe consider other point system is a not bad choice.
Thanks.

hitboy 02-09-2007 02:47 PM

Quote:

Originally Posted by sinpeople (Post 1178376)
Never experienced this before. Anyone can tell typically how long such issue can be closed?

If it takes more than one month, maybe consider other point system is a not bad choice.
Thanks.

Another point system? lol uh there a lot of people on here that have been using the hack for months that would screw everything up and as far as i can see for 3.6.4 there is only icash and its very simple mod its good but not the best alternative compared to vbbux

Aclikyano 02-09-2007 06:04 PM

This hack has an EXPLOIT IN IT !.
a few sites as I recall somewhere on this board were HACKED thru the donation feature!.
it has been removed until the ex is fixed.

HPIA 02-09-2007 06:55 PM

/me lubs CMX

Shazz 02-09-2007 07:26 PM

Quote:

Originally Posted by Aclikyano (Post 1178591)
This hack has an EXPLOIT IN IT !.
a few sites as I recall somewhere on this board were HACKED thru the donation feature!.
it has been removed until the ex is fixed.

Yes, there should be an announcement in the vBplaza forum about it..

Brandon Sheley 02-09-2007 08:28 PM

Quote:

Originally Posted by Shazz (Post 1177878)
Could have just closed the thread.
Now many people are going to be confused where to get the store

actually, close the thread and we have no clue, but remove the file and no one else will be infected and we know what's going on.


just my 2 cents on that

i hope a fix is found soon, altho I don't use this hack, I know many ppl that do.

Shazz 02-09-2007 09:29 PM

Quote:

Originally Posted by Loco.M (Post 1178670)
actually, close the thread and we have no clue, but remove the file and no one else will be infected and we know what's going on.


just my 2 cents on that

i hope a fix is found soon, altho I don't use this hack, I know many ppl that do.

Closing thread removing file, posting one final post on the exploit would answer many questions and wouldn't confuse anyone who is looking for it..

my 2 cents :D

fly 02-09-2007 09:35 PM

Closing thread, posting code to exploit hack, eating cookies, kick a dead horse..

I think that should be the order

my 2 cents

Ski-Whiz 02-10-2007 09:02 PM

I think they (staff here), should at least provide some feedback to the members which have it installed..

We don't have any clue whether it was only the donation part in which it was exploited. We are guessing at the fix. Now I know CMX knows, but to just uninstall the mod/hack is not an option for most.

Now I have disabled it, but how long do we have to wait before they release the exploit? I mean if CMX is busy, then at least let some coders know, so they can give temp advice etc..

Just my $.02.....

Universal 02-11-2007 04:12 AM

Quote:

Originally Posted by Ski-Whiz (Post 1179426)
I think they (staff here), should at least provide some feedback to the members which have it installed..

We don't have any clue whether it was only the donation part in which it was exploited.


Below was said in another thread. Even though they do not mention how the exploits work, it does mention other exploits involved. I agree in part with them not sharing the in-depth information as then coders might even take advantage of the exploit themselves, although some people have mentioned what the main exploit is.

Quote:

Originally Posted by Paul M (Post 1175904)
Artificial_Alex reported an exploit which we investigated and confirmed - not only that but the investigations revealed other exploits in the code as well. As per our policy on such matters, the modification has been removed until such time as the holes are fixed.

Quote:

Originally Posted by Paul M (Post 1175904)
The staff are not here to fix broken/exploited modifications, occasionally one may do so if they have the time (or use the mod themselves) but that's all. Fixing is the responsibility of the author.


This is part of the email people got who clicked install for this hack.

Quote:

Official Security Exploit Warning:

The staff has been notified of a potential XSS vulnerability in the vbBux / vbPlaza modification. We have confirmed the exploit along with additional exploits in varying degrees. This notification is to serve as an official warning - it is HIGHLY recommended that you disable/uninstall the modification until a fix is provided.

Hope that helps a bit.

fly 02-11-2007 05:24 AM

Quote:

Originally Posted by Ski-Whiz (Post 1179426)
I think they (staff here), should at least provide some feedback to the members which have it installed..

We don't have any clue whether it was only the donation part in which it was exploited. We are guessing at the fix. Now I know CMX knows, but to just uninstall the mod/hack is not an option for most.

Now I have disabled it, but how long do we have to wait before they release the exploit? I mean if CMX is busy, then at least let some coders know, so they can give temp advice etc..

Just my $.02.....

You sure are asking a lot for the price. Maybe you should pay with your hard earned time to fix it for us

hitboy 02-11-2007 12:21 PM

I don't think the staff should fix it nor say anything but they should at least tell the original coder of this new exploits so it can be fixed lol just my 2 cents

Zia 02-11-2007 04:46 PM

Quote:

Originally Posted by hitboy (Post 1179851)
I don't think the staff should fix it nor say anything but they should at least tell the original coder of this new exploits so it can be fixed

i gez staff inform the author.
So far i can remember ecDownlods by R0n1n also had exploit problem. By this time R0n1n got inactive. The co-author Westpointer (don't know he changed his nick to something) pick that up and release a new ver. with new name.

with that ref. i think CMX got information. only staff can confirm whether they inform or not.


but qus is that how long it will take to get the fix....
See here..
https://vborg.vbsupport.ru/showpost....8&postcount=37

MThornback 02-12-2007 04:28 AM

How bout we all cool it and give the author time to work this out...I'm sure we all got what we paid for....so "are we there yet" isn't spurring faster work so much as annoyance....

msorin 02-12-2007 02:41 PM

Can anyone tell me why I can't access https://vborg.vbsupport.ru/showthrea...hreadid=106953 ??? I get a message that says that I do not have permission to access this page.

Thank you

Shazz 02-12-2007 02:42 PM

Because they have removed the vBPlaza to a closed part of the site

ehsanix 02-12-2007 03:47 PM

so what this means?

fly 02-12-2007 04:04 PM

Quote:

Originally Posted by ehsanix (Post 1180718)
so what this means?

It means don't use it.

rjp0615 02-12-2007 05:04 PM

perhaps for the simple ppl, maybe someone can reup vbplaza with the code modification?

fly 02-12-2007 05:52 PM

Quote:

Originally Posted by rjp0615 (Post 1180789)
perhaps for the simple ppl, maybe someone can reup vbplaza with the code modification?

No one is even 100% sure what the exploit is, so that's not possible.

Shazz 02-12-2007 07:42 PM

Quote:

Originally Posted by flypaper (Post 1180817)
No one is even 100% sure what the exploit is, so that's not possible.

Actually a couple people do or more, They don't want to speak out of it though due to security purposes

fly 02-12-2007 08:10 PM

Quote:

Originally Posted by Shazz (Post 1180923)
Actually a couple people do or more, They don't want to speak out of it though due to security purposes

Well then it stands to reason they don't want us to know how to fix it then either, correct?

Shazz 02-12-2007 08:14 PM

Quote:

Originally Posted by flypaper (Post 1180953)
Well then it stands to reason they don't want us to know how to fix it then either, correct?

CMX or someone else in future time will have the fix or the whole vBplaza up-reloaded don't know the exact details

