vb.org Archive
Page 4 of 4 « First 23 4
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   Exposing the user to harm (https://vborg.vbsupport.ru/showthread.php?t=151083)

hambil 07-03-2007 10:07 AM
Quote:
Originally Posted by bashy (Post 1281785)
The email is a good idea to all installers of the hack...I certainly would prefer to receive an email to let me know!



I agree totally, but, then again, it shouldn't be an issue if the installers of the hack
disabled it, if they haven't, then its their own fault, they have been warned, Twice...
As you are aware, it only sends an email to people who have marked install. And the thread update will only reach people who have subscribed to the thread (actually not, even that, because I never got a subscription notice when the thread was updated and moved).

We are all very much aware that the installed number only represents a portion of the actual installs.

In a recent vbBux thread, the problem is referred too as a 'security exploit' which is a better way to go.

Paul M 07-03-2007 12:00 PM
How it should be worded is always debatable, everyone has their own views.

I believe users should be told whether it's XSS or MySQL or whatever - without further details you cannot exploit it anyway.

nexialys 07-03-2007 12:52 PM
with any detail like "sql inject" or "xss exploit", you can exploit any hack because they are not encoded... with a hack with a single sql query, it is easy to learn how the inject can be done...

if instead you contact the coder, that coder make the change in a reasonable delay, and then update his script without noting the exploit, it would be infinate the risk of a hacker trying to reproduce the exploit and profit from it...

and btw,as anybody can suggest changes to a hack to the coder, why not providing a fix yourself as you already know the exploit, so the coder simply have to update its release... this is a community of sharing after all...

hambil 07-03-2007 12:56 PM
I'd also recommend that as new exploits are discovered, they are given examples, along with the fix, in the private coders forum - probably in a sticky, indexed thread. This way coders can keep up on their old hacks, and avoid possible problems with their new ones.


All times are GMT. The time now is 03:56 PM.
Page 4 of 4 « First 23 4
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00998 seconds
  • Memory Usage 1,721KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete