vb.org Archive
Page 5 of 15 « First 34 5 67 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Miscellaneous Hacks - Cyb - Login To User Account (https://vborg.vbsupport.ru/showthread.php?t=201286)

Valter 03-30-2009 03:29 PM
Quote:
Originally Posted by Sweeks (Post 1780233)
There is a serious security bug in this modification which can allow a member to access any user account. DO NOT INSTALL! Been hacked twice because of this product!
Impossible.

You can always check in moderator log who used this hack.

Sweeks 03-30-2009 04:45 PM
Quote:
Originally Posted by Cybernetec (Post 1780386)
Impossible.

You can always check in moderator log who used this hack.
There is some form of security bug in this which allows even a guest to use it. If I could PM you I would let you experience the flaw as I dont wish to post it publically.

Now unless there is something wrong with how I have set this up then there definitely is a problem. The only users I have allowed to use this is two admin accounts, I dont understand how guests could use it.
________
Extreme Vaporizer Sale

Sweeks 03-30-2009 07:57 PM
We have also found out that users were able to use the login to user account via a link on all members profiles as a guest.
________
BODY SCIENCE

Raptor 03-30-2009 09:53 PM
<a href="https://vborg.vbsupport.ru/showthread.php?t=168819" target="_blank">https://vborg.vbsupport.ru/showthread.php?t=168819</a>

this works great on vb 3.8.1

Sweeks 03-30-2009 10:03 PM
Quote:
Originally Posted by Raptor (Post 1780657)
Apparently not fully:

https://vborg.vbsupport.ru/showpost....&postcount=247

I hope that this is something I have overlooked.
________
Ferrari Fx

Valter 03-30-2009 11:16 PM
Quote:
Originally Posted by Sweeks (Post 1780442)
There is some form of security bug in this which allows even a guest to use it. If I could PM you I would let you experience the flaw as I dont wish to post it publically.

Now unless there is something wrong with how I have set this up then there definitely is a problem. The only users I have allowed to use this is two admin accounts, I dont understand how guests could use it.
Have you checked your ModLog for this product entries?

Feel free to report product to forum Staff so they can check it and move it to "Mod Graveyard" if they find such bug. Noone reported such issue before.

Check your settings and ensure that proper user IDs are added to the list of Admins. IDs should be separated with commas.

nascartr 03-31-2009 02:24 PM
I tested with a regular member and a guest, I don't have the problem.

Sweeks 03-31-2009 06:25 PM
There is no logs at all of the activity as it is a guest able to do this. All user ID's have been correct too. @ Nascartr, I have tested it myself on a friends board without the same problem. I am sure this wasnt possible on our board until lately. Could it be anything to do with not using the default memberinfo template?
________
FAMILY GUY DICUSSION

Wifey 04-01-2009 08:19 PM
I got a vbulletin error page when I tried to log in to an account on my site. I went back to the main page and it was gone, and I was logged in as myself but it was telling me I was logged in as someone else. I haven't even opened this site yet and have maybe 4 other hacks total installed. Any idea?

Great hack, by the way -- I had it on my last board and it was very useful with helping out a user on their account without having them change their password to something generic and then changing it back.

Valter 04-01-2009 08:59 PM
Quote:
Originally Posted by Sweeks (Post 1781228)
Could it be anything to do with not using the default memberinfo template?
Nope. Even if you give them direct link to loginasuser script they will not be able to do that.
Quote:
Originally Posted by Wifey (Post 1781967)
I got a vbulletin error page when I tried to log in to an account on my site.
What error?

Try to clear forum cookies, then re-log-in to your account, then try to log-in as user.


All times are GMT. The time now is 03:30 PM.
Page 5 of 15 « First 34 5 67 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01211 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete