BB Code Enhancements - BB Code (flash animations .swf) (https://vborg.vbsupport.ru/showthread.php?t=235131)

safakuygur 07-29-2010 12:45 PM

good thanks

Terrona 07-29-2010 12:52 PM

waiting update v 4.0.5

WriteToEnlight 08-02-2010 01:36 PM

Quote:

Originally Posted by Terrona (Post 2076265)
waiting update v 4.0.5

Me too, or should I say soon 4.0.6 ;)

BirdOPrey5 08-07-2010 10:32 PM

Another vote for this being a serious security issue... I won't ever post in this thread again but I could not ignore this without warning people to seriously research the issue if they don't understand the risks in this. Limiting the use to trusted admins is an absolute minimum.

firattetik 08-18-2010 10:36 AM

thanks

OldSchoolDSL 02-04-2011 03:46 AM

Installed & working

4.1.1

abumohamed 04-18-2011 05:11 AM

It works on 4.1.3
THANKS

syrus.xl 04-18-2011 01:12 PM

Quote:

Originally Posted by SEW810 (Post 1976385)
yeah, especially if you execute it / open it manually.
NEVER a swf animation executed on a web page will interact with your hard disk files, Macromedia has implemented policies to avoid this kind of actions

Obviously, you are not a flash author or you would know that statement is completely incorrect. Flash SWF files on any webpage are executed automatically upon page load. Anyone that knows actionscript could easily upload and cause serious damage to any forum that has this modification enabled.

Quote:

Interesting, it says something about interact with a program INSTALLED in your hard disk, oh and download that file... oh yeah, I got it, "virus attack if I DOWNLOAD an swf file, save it on My Documents or something and then I open it" .... Jesus, what's that for??, did you forget that you were surfing the internet and visiting a forum??? Don't do experiments if you don't know what you are doing.

Any forum carrying this sort of modification is leaving itself open to security issues. By the way, SWF files are cached directly to your system, so in effect they are downloaded. Here's just one example... Open up Flash, in the first frame add this code:

Code:

var url:String = "http://www.google.com";
var request:URLRequest = new URLRequest(url);
try {
        navigateToURL(request, "_self");
} catch (e:Error) {
        trace("Error occurred!");
}

This is AS3.0 code..

Now you have a redirect, if anyone hits the post containing the uploaded SWF file. Even more dangerous is if the code is far more malicious. The above code could easily redirect a person to another site containing a trojan which would infect their systems or even coded as an XSS exploit.

Quote:

Totally inoffensive that code, I repeat, is the same code used on http://www.msn.com/ at Advertisement, or at http://www.nfl.com/ or any site with flash animations.

These advertisements are added by web development teams and would undergo strict QA before being allowed on a page. The only part that is safe about this code is the embed code, but even this breaks Strict xHTML W3C policies, check your coding regarding embedding flash correctly on a webpage and consider vB4 uses Strict xHTML, so by using this coding you are straight away breaking the Strict xHTML of vB4.

Quote:

Please people, don't worry... be happy :)

If you don't want to take "the risk", please just don't install it.
Sharing this bb code won't help me to hack your site or get your bank account PIN or something.

Nobody would be happy with a hacked database, or a forum that is infecting people's systems. Eventually, Google would place a 'Red' Alert page for malicious code if the problem was not dealt with. This is a very serious security hole to add to vBulletin and in my opinion like many others on here, should be removed for people's safety, at least.
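
As an added example (not code from any poster in this thread, from the modification, or from vBulletin): one way a PHP BB code handler could render such a tag so that the player refuses the redirect shown in the post above, by allowlisting the SWF host and setting the Flash embed parameters `allowScriptAccess` and `allowNetworking`. The tag name `[swf]`, the function names and the host `media.forum.example` are assumptions.

```php
<?php
// Added example: not vBulletin's code and not the modification discussed in the thread.
// Assumed: the tag is written [swf]URL[/swf]; the host below is a placeholder.
const SWF_ALLOWED_HOSTS = ['media.forum.example'];

// Return a rebuilt https URL on an allowlisted host, or null to refuse the embed.
function swf_validate_url(string $url): ?string
{
    $p = parse_url(trim($url));
    if (!is_array($p) || !isset($p['scheme'], $p['host'], $p['path'])
        || isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;
    }
    $host = strtolower($p['host']);
    if (strtolower($p['scheme']) !== 'https' || !in_array($host, SWF_ALLOWED_HOSTS, true)) {
        return null;
    }
    if (!preg_match('~\.swf\z~i', $p['path'])) {
        return null;
    }
    return 'https://' . $host . $p['path'];   // query string and fragment are dropped
}

// Emit the player markup with scripting and browser navigation switched off.
function swf_render(string $url): string
{
    $safe = swf_validate_url($url);
    if ($safe === null) {
        return '[swf removed: source not allowed]';
    }
    $src = htmlspecialchars($safe, ENT_QUOTES, 'UTF-8');
    return '<object type="application/x-shockwave-flash" data="' . $src . '" width="400" height="300">'
         . '<param name="movie" value="' . $src . '" />'
         . '<param name="allowScriptAccess" value="never" />'  // no calls into page JavaScript
         . '<param name="allowNetworking" value="none" />'     // navigateToURL() is refused
         . '</object>';
}

// Escape the whole post first, then expand only [swf] tags.
function swf_bbcode(string $post): string
{
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    $expand = function (array $m): string {
        return swf_render(htmlspecialchars_decode($m[1], ENT_QUOTES));
    };
    return preg_replace_callback('~\[swf\](.*?)\[/swf\]~is', $expand, $escaped) ?? $escaped;
}
// Constructed sample posts: the first is embedded, the second is refused.
echo swf_bbcode('Intro: [swf]https://media.forum.example/intro.swf[/swf]'), "\n";
echo swf_bbcode('[swf]http://other.example/redirect.swf[/swf]'), "\n";
```

These parameters limit what a movie can do to the embedding page and the browser; they do not make an untrusted SWF safe to host, so restricting who may use the tag still applies.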

thecore762 03-25-2012 05:03 AM

This works perfectly with vB 4.1.11!

yuchan 03-30-2012 05:18 PM

works perfectly with Version 4.1.3 too

