Works on 3.8.0. gold!

the hack dont work in 3.7.5 any update ?

it works on 3.7.4 and on 3.8 so it should also work in 3.7.5 (as 3.7.5 is only a bug fix/maintenaince release)

Hi
vBulletin 3.8.1

on
https://vborg.vbsupport.ru/attachmen...6&d=1209821865

error :(

Database error in vBulletin 3.8.1:

Invalid SQL:
UPDATE cyb_logintouser حدد المراقبين = '91';

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'المراقبين = '91'' at line 1
Error Number : 1064
Request Date : Sunday, February 15th 2009 @ 06:27:44 PM
Error Date : Sunday, February 15th 2009 @ 06:27:47 PM
Script : http://www.XXXXX.com/vb/misc.php?do=cybltua_set_do
Referrer : http://www.XXXXXX.com/vb/misc.php?do=cybltua_set
IP Address : XXXXXXX
Username : XXXX

There will be an update for the VB version 3.8.1?

Same security issues with this one too on 3.8
________
Amateur Tube

I guess that this does not work on 3.8.1. Oh well, I will be be waiting for this to be released for the 3.8.x series!

Hoping for a 3.8 release soon as I use this with permission to view members problems they are having with their accounts.:)

Warning! Dangerous security bug!!!Read here: https://vborg.vbsupport.ru/showpost....8&postcount=62

Please stop sending PMs asking for the exploit-URL! Please!

I won't tell anybody exept vB-Staff and Cybernetec!

You don't have to worry! As soon as you deactivate this AddOn your forum is save again. You don't even need to uninstall. Just deactivate AddOn and wait for further instructions by Cybernetec or vB-Staff.

Confirm the bugs, Hope Cybernetec fix that soon :-)))))

I mention and said the warning on : https://vborg.vbsupport.ru/external/2009/04/27.gif 14 Jan 2009, 00:48

https://vborg.vbsupport.ru/showpost....7&postcount=12

This plugin has many bugs ! Specially when you use vbseo or some kind of rewrite_mods !!

It seems some how funny ! because an Administrator use this plugin to log in to user account and read private messages and so on .. BUT the Administrator causes to "hijack" his/her own account first ! and make an unwanted dangerous bug in his/her own forums!!

I am still wondering why this 3.7 version is not already in the graveyard like the 3.8 version. :mad:

This version has the same severe security bug!!! :(

Send it to the graveyard at once and inform every user of this addon by email to deactivate it like you did this morning with the 3.8 version!

How long are you going to wait? Until many users complain, that their forums have been nuked?! :confused:

Come on! It's never been easier than today to get full control over a foreign vB by just modifing your browsers URL! :mad:

Is this safe without an SEO?

NO! It does not matter if you have SEO installed or not. In both cases any account in your forum can be hijacked as long as you don't disable this AddOn.

Okay, I think this should fix it.

Try it out and see if you can still exploit it.

note: the attached plugin originates from the 3.8 version which is now in the graveyard, but it should probably work for 3.7 as well :)

edit: er, apparently vBulletin doesn't prompt you to overwrite plugins which is kinda lame (heh, been a while since I've uploaded plugins rather than products).

You should delete "Cyb - Login To User Account - MI" and then upload my attachment.

Thx for Version 2.3 (re-installed) :-)

Awesome, thanks for the update :D

many thanks
Installed and working well with 3.8.2

Thanks again! Re-installed

Thanks for the update. Can't live without this mod.

v2.3 - Apr 11. 2009.
-Bug fix (non-Admins able to login to user accounts in some cases)
-Bug fix (Admin can not search product entries in ModLog by product ID)
-Bug fix (logging error if username contains special characters)
-Bug fix (Admin must be member of usergroup 6 to use product)
-Minor bugs fixed

Upgrade Info:
-Import product XML, allow overwrite
-Revert product templates if any modified

This is why you received so many PMs? Anyhow thanks for highlighting this issue, we all owe you!

Great work

Thank you so much

Thank you

Thank you

Really useful tool. Thanks a lot! :)

I am getting an issue - i click on a users account - try to login - it says that i login to myself - not the intended user.

anyway to fix this issue?

Clear forum cookies, then try again.

Can you make it so that this mod has a off and on switch for a user to PM the user being logged into so that user knows if his account is being used by an admin?

Have bugs this plugins in modcp user.php i get this error

Warning: array_merge() [function.array-merge]: Argument #1 is not an array in [path]/modcp/user.php(348) : eval()'d code on line 29

When disable this plugins is ok

Merci i can use it

Are you planning a 4.x version?

Please, I loveit and it helps a lot solving users problems.

vB 4 version released here:
https://vborg.vbsupport.ru/showthread.php?t=233350

vb 4.0 update?
thx.

Thank you for this very useful tool.

Do you have a version for vBulletin 3.8.7? Thank you.

Updated:
Sorry I was tripping. Found new version here [https://vborg.vbsupport.ru/showthread.php?t=201286]