vb.org Archive - HelpDesk v1.63

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.0 Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=33)

- - HelpDesk v1.63 (https://vborg.vbsupport.ru/showthread.php?t=77155)

Very odd. Let me look into this.

Find anything out yet? =\

Quote:

Originally Posted by xYarub

Find anything out yet? =\

Hey WhSox21

Superb hack matey... spot on.

I appreciate you have a hard time managing all the feature requests when they are posted in here, but is there any way you might be able to either post the updated feature request list here, or perhaps create a page on your site where we could see the list...? Maybe even with a status on each feature i.e. if you're thinking of implementing it, if so, progress etc...

Again, I think it is fair to say that everyone here very much appreciates the great work you have done on the Helpdesk system. Thank you for your tolerance, patience and skill...

John

WhSox21,

Can you confirm the ability for others to view tickets they shouldn't have access to or do you need more information? Sounds like a pretty major bug that needs plugging ASAP.

Tom - I have PMed him a screen shot of me doing this to his own forum - he is acting on it but is busy at the moment. He has PMed me to let me know that there will be a fix soon. I'm sure WhSox21 will sort it out as soon as he has a moment.

Quote:

Originally Posted by WhSox21

Very odd. Let me look into this.

Any chance the fixes are complete. I dunno if you have heard this from "Deaths" (original post - https://vborg.vbsupport.ru/showthrea...light=helpdesk)

Quote:

Originally Posted by Deaths

I strongly _NOT_ recommend this hack, as it has some _SERIOUS_ security issues! (https://vborg.vbsupport.ru/showpost....&postcount=451 as an example)

He says he'll fix it, but this would be the second fix for the same bug, and I don't think he'll every be able to patch it.

PS I've found more than 5 security exploits, 4 of them each a different way of looking at other tickets, and 1 is an SQL injection.

SQL Injections are pretty bad, I have had a few of my sites compromised becasue of this. I am very interested your script for my hosting site, but wish not to have to deal with security holes. Any truths to this? And if Death hasn;t contacted you with his finds, message him, he should have reported them to you so you could fix them (if they do indeed exist that is)

Deaths may be mad because his helpdesk hack was removed from here. But yes, I just looked and there are a few SQL injection problems, but only a few! These will be fixed tomorrow with the other bug. I've just finished my exams this week and have a little bit more free time.

I'm sorry for the lack of updates guys.

I just spent a few hours on this and I've got the problems sorted out. Deaths has not contacted me about the problems, but I don't see any other possible problems.

Let me know how this update works out!

I'll take a look at the current code, and let you know if I find any more problems :)

I have also added the ability to view the requests via this page:
http://www.hackvb.com/helpdesk.php

Just click on the link in the top left.

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (2)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02135 seconds Memory Usage 1,740KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (2)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: