vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Miscellaneous Hacks - Patched Flash Uploader to Fix Known Exploits (https://vborg.vbsupport.ru/showthread.php?t=307008)

alexm 03-02-2014 11:07 AM

Quote:

Originally Posted by tom w (Post 2484432)
Being a paranoid security type, any chance of getting the source code for this replacement file? Since it doesn't come from either Yahoo or VBulletin (for whatever reason) I'm reluctant to trust files from relatively unknown sources (though it's great people like to help) which could introduce other vulnerabilities that we'd never know about.

I would be happy to share the source with another developer if their suggestions/feedback helps the community as a whole, but how would you know if I've given you the correct source? And, also being a paranoid security type with a busy vB4 forum myself, how do I know you aren't looking for vulnerabilities to exploit yourself? :p

I think the easy answer is if you understand Flash it's very easy to decompile the SWF yourself and look at the source. That's basically what I did to get it working anyway. :D

If anyone does find an issue let me know and I'll do my best to incorporate a fix.

BirdOPrey5 03-02-2014 01:40 PM

Quote:

Originally Posted by tom w (Post 2484432)
Being a paranoid security type, any chance of getting the source code for this replacement file? Since it doesn't come from either Yahoo or VBulletin (for whatever reason) I'm reluctant to trust files from relatively unknown sources (though it's great people like to help) which could introduce other vulnerabilities that we'd never know about.

FYI

There are many free flash / swf file decompilers online; you can upload the .swf file and get the source yourself.

For example - http://www.showmycode.com

furnival 03-10-2014 04:34 AM

I belatedly upgraded to VB 4.22 and had to reinstall this afterwards. This should be incorporated into the next VB 4 release so that everyone doesn't have to reinstall this once more.

msnhockey 03-12-2014 04:50 AM

I can't seem to get this to select more than 1 image in IE or Chrome with the settings in the instructions and with deleting browser cache. Any ideas?

I am using IE 11 and Chrome version 33.0.1750.146

Zachery 03-12-2014 09:20 AM

Quote:

Originally Posted by furnival (Post 2486162)
I belatedly upgraded to VB 4.22 and had to reinstall this afterwards. This should be incorporated into the next VB 4 release so that everyone doesn't have to reinstall this once more.

There are no plans to add the flash uploader back, in any form, at this time.

joeychgo 03-14-2014 10:56 PM

Quote:

Originally Posted by Zachery (Post 2486640)
There are no plans to add the flash uploader back, in any form, at this time.


Zack, is there any reason to think this fix doesn't solve the problem? If not, then why not add it back with this fix?

BirdOPrey5 03-14-2014 11:40 PM

Quote:

Originally Posted by joeychgo (Post 2487314)
Zack, is there any reason to think this fix doesn't solve the problem? If not, then why not add it back with this fix?

Legal reasons...

Zachery 03-15-2014 12:55 AM

Quote:

Originally Posted by joeychgo (Post 2487314)
Zack, is there any reason to think this fix doesn't solve the problem? If not, then why not add it back with this fix?

It may solve today's problems, but not tomorrow, or the day after, or the day after.

There has been a long and sordid history with the flash uploader, and YUI's security of flash scripts. The YUI devs themselves have abandoned the script.

We can address the changes with something like relying on the HTML5 constructs of modern browsers instead by adding a simple MULTIPLE line to the input. That'd be the fix we'd go with, without adding another issue into the mix.

tbworld 03-15-2014 09:05 AM

Thanks @Zachery, nice explanation. Always appreciated. :)

Reef Man 03-25-2014 01:08 PM

It does not solve the problem. I have 4.2.2

