vb.org Archive
Page 40 of 80 « First 303839 40 414250 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   (split) IPB pro arcade development (https://vborg.vbsupport.ru/showthread.php?t=95321)

beacher 11-08-2005 05:30 AM
Quote:
Originally Posted by MrZeropage
Could not confirm that, please give me the link to your installation to check this out via PM, thx
Mrzero sent you a pm with the links ;)

Sooner95 11-08-2005 12:17 PM
Quote:
Originally Posted by JTyson
What version php are you using?

PHP5, now that you said that.. these v3 games I used on my old bbs, vb3.0 on php 4x.. so chances are they are useless..

Ahwell, now you all know what will happen when your hosts bump you to PHP5.. hehe

JTyson 11-08-2005 01:21 PM
Nah it doesnt have anything to do with php5 , The zip_open function that gives you the error has to be compiled into the php/apache core, When i wrote the installer i tested it on three machines with different hosting companies and assumed that most hosts did this by default, im currently working on a fix and should hopefully have something in the next couple of days, I'll forward it to MrZero when i have the fix so he can forward it on.

Them being on your old board wont make a difference as a zip file is a zip file regardless of php/vb version :)

Sooner95 11-08-2005 01:22 PM
ok cool... I wasnt sure.. i'm not much into the code..

Will await for the next release to test. Thx fellas..

soniceffect 11-08-2005 04:25 PM
answers my question then LOL

hobbes747 11-08-2005 04:55 PM
Can I volunteer for beta testing, please? We just got hit by someone trying to use the password exploit. :nervous:

Quote:
Originally Posted by dina
I don't see any remarks being made on the recent exploit they have found in the mod (it involves index.php and the ability to extract the password for any member on the board by entering a sql query in the URL ending with user id).
I saw this on a newsgroup today, but haven't seen it here so far.

nitro 11-08-2005 06:20 PM
Quote:
Originally Posted by hobbes747
Can I volunteer for beta testing, please? We just got hit by someone trying to use the password exploit. :nervous:
Theres an update for this http://www.ibproarcade.com/index.php?showtopic=7576

has been there not long after the exploit was posted on securityfocus

If theres a vulnerability in ibProarcade that affects both vB and IBP then you will find a patch posted at ibproarcade.com quite soon after publication of said vulnerability

I still dont know what they can do with a vB hashed pass unless they can also union a url login bypassing the vB scripted hashing

fly 11-08-2005 06:26 PM
Quote:
Originally Posted by nitro
Theres an update for this http://www.ibproarcade.com/index.php?showtopic=7576

has been there not long after the exploit was posted on securityfocus

If theres a vulnerability in ibProarcade that affects both vB and IBP then you will find a patch posted at ibproarcade.com quite soon after publication of said vulnerability

I still dont know what they can do with a vB hashed pass unless they can also union a url login bypassing the vB scripted hashing
I don't even see that in my mod_report.php file...

(but I'm using the vB3.5 version...)

hobbes747 11-08-2005 06:34 PM
Me neither. I'm using the 3.5x Beta 2 version.

This was the url that they were using. And they tried more than one before I caught it.

Code:
forums/index.php?act=Arcade&module=report&user=-1%20union%20select%20password%20from%20user%20where%20userid=2

nitro 11-08-2005 06:36 PM
It is there in all versions up to and inc the recent RC3


All times are GMT. The time now is 09:59 AM.
Page 40 of 80 « First 303839 40 414250 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01689 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete