vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vbBux / vbPlaza (https://vborg.vbsupport.ru/forumdisplay.php?f=171)
-   -   vbBux / vbPlaza v1.5.8 has been released! (https://vborg.vbsupport.ru/showthread.php?t=121138)

Shazz 02-22-2007 01:27 AM

:confused:
Quote:

Originally Posted by BrandiDup (Post 1187900)
People will still keep posting new threads asking the same things until some sort of official word is put out though.

If you search CMX last 3-4 posts he made he said it...
What more could people ask for?

BrandiDup 02-22-2007 01:56 AM

I haven't searched his posts but what I'm trying to say is that most people who have this modification installed are not going to go searching through his posts. I just figured a sticky or something should be posted since everyone is so annoyed by people repeating the same questions. He may have said something officially within some post somewhere but the majority of people have not and will not see that post. I'm truly not trying to piss anyone off or make any demands. I'm just saying that people will continue to post the same exact questions and beat the dead horse until there is some sort of email update sent out (such as the one we received about the exploit) or a sticky or something. :)

Anyhow, I've said my piece so I'm done :)

cOuNtErFiET 02-22-2007 02:55 AM

EDIT: whoops forgot about other pages sry disregard

jheigl 02-22-2007 03:11 PM

Anyone know where I can find any version of this to download? This is the main reason I bought vB and now I can't find it anywhere!

fly 02-22-2007 03:25 PM

Quote:

Originally Posted by jheigl (Post 1188338)
Anyone know where I can find any version of this to download? This is the main reason I bought vB and now I can't find it anywhere!

lol

rjmjr69 02-22-2007 06:40 PM

There's another site working on making a new plaza... Seems like it's going to be a bit better than this one for sure

Deimos 02-22-2007 07:14 PM

Quote:

Originally Posted by rjmjr69 (Post 1188488)
There's another site working on making a new plaza... Seems like it's going to be a bit better than this one for sure

Which site is that?

rjmjr69 02-22-2007 09:18 PM

http://www.zikihideout.com/products/105-zh-credit-system-zh-credit-shop.html#post315

Pretty cool little site. He's asking what features and options people would like to see included so go post up some suggestions

Shazz 02-22-2007 09:23 PM

Post #8
I highly doubt that

fly 02-22-2007 09:39 PM

Quote:

Originally Posted by rjmjr69 (Post 1188630)
http://www.zikihideout.com/products/...p.html#post315

Pretty cool little site. He's asking what features and options people would like to see included so go post up some suggestions

Sweet Jesus!

jheigl 02-23-2007 12:30 AM

Quote:

Originally Posted by flypaper (Post 1188343)
lol

What's so funny? I asked a simple, straightforward question

rjmjr69 02-23-2007 12:33 AM

Quote:

Originally Posted by flypaper (Post 1188651)
Sweet Jesus!

? Just found the site seems pretty interesting small start up

fly 02-23-2007 12:47 AM

Quote:

Originally Posted by jheigl (Post 1188738)
What's so funny? I asked a simple, straightforward question

The last 10 pages of this thread have been about the hack getting pulled due to a security issue.

Forza 02-23-2007 11:31 AM

*tips everyone to click install when downloading a hack from here*

My board has been hacked twice the past weeks and I thought it was from some modification I made myself... until I noticed something weird going on today with the plaza. After some googling I found a topic about this on another forum... let's hope they fix this soon.

Btw, I currently disabled the donate function, will this do? Or should I disable the entire product in the Manage Products settings?

cashpath 02-23-2007 02:40 PM

If you want to be safe.. disable the product.. if you want to be even safer uninstall it.

majorxp 02-23-2007 07:25 PM

Quote:

Originally Posted by flypaper (Post 1187672)
Is the store hurting you sitting there disabled? Do you really think CMX doesn't know that we want more info? Do you think everyone posting about it will change his mind? Do you think that a flea jumping at a 45 angle to the equator will reach the equator faster or slower than one jumping at 40 degree angle?

Quote:

Originally Posted by flypaper (Post 1187689)
My point was that you didn't say anything that wasn't already said and none of it is helping. :D


...someone piss in your Wheaties?

Expect this thread to continue with people asking when it is going to be fixed and bring attention to the issue. If you can't handle that, I suggest not reading this thread any longer.:rolleyes:

Shazz 02-23-2007 07:31 PM

Quote:

Originally Posted by majorxp (Post 1189283)
...someone piss in your Wheaties?

Expect this thread to continue with people asking when it is going to be fixed and bring attention to the issue. If you can't handle that, I suggest not reading this thread any longer.:rolleyes:

Just my opinion...
Had to visit the thread again because it keeps getting bumped every hour...

Since it's known that the donation part is the one causing it, what if you just disabled or deleted that whole function?

majorxp 02-23-2007 08:03 PM

I haven't looked at the code yet, but there have been several reports of a 'fix'. I personally don't know if that fixes all the issues, but if there isn't a fix by CMX or one of the admins here in the next week or so, I'm going to break down and review the code.

fly 02-23-2007 09:33 PM

Quote:

Originally Posted by majorxp (Post 1189283)
...someone piss in your Wheaties?

Expect this thread to continue with people asking when it is going to be fixed and bring attention to the issue. If you can't handle that, I suggest not reading this thread any longer.:rolleyes:

And expect me to continue chiding them, because it's just as productive and more fun!

Exitilus 02-23-2007 11:54 PM

I also know Tehste is working on a Point System (Paid) and eventually a store as well. So hopefully other options will come around.

Shazz 02-24-2007 12:56 AM

Quote:

Originally Posted by Exitilus (Post 1189451)
I also know Tehste is working on a Point System (Paid) and eventually a store as well. So hopefully other options will come around.

Also the other guy the name starting with a "w"
Posted one about a new paid one as well.

Deimos 02-24-2007 01:07 AM

Urgh, I can see where this is going

Rather than having one well made point/store system, we're going to have 2+ different versions, a bit like the 2 arcade scripts out there.
Would be a lot better, in my opinion, if everyone worked together to make one kick ass system.

thepub 02-24-2007 01:51 AM

question about the bank and points, how can the admin reset the bank and all the users points to zero without having to manually do it one member at a time?

Insert Username 02-24-2007 02:52 AM

Quote:

Originally Posted by thepub (Post 1189500)
question about the bank and points, how can the admin reset the bank and all the users points to zero without having to manually do it one member at a time?

In the Admin CP, go to vbBux > Mass Points Givaway. At the bottom of that page is an option to reset all points to zero.

Greek Wizard 02-24-2007 08:52 AM

Quote:

Originally Posted by Acers (Post 1175961)
Here is a temporary fix. I have tested this locally only for the donate function and it's working as far as this exploit goes, and since the same logic can be taken for other places where it's used we can replace there.

Go to your vbplaza folder, find occurrences of the following:
includes/function_vbplaza.php
find around line 152 (depending on the version you have)

PHP Code:

$message = strip_tags($message);

make that
PHP Code:

$message = htmlspecialchars($message);

go to
vbplaza/action.admindonate.php (line 133)
PHP Code:

$action['reason'] = strip_tags($action['reason']);

make that
PHP Code:

$action['reason'] = htmlspecialchars($action['reason']);

go to
vbplaza/action.changeotherusertitle.php (line 136)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle);

make that
PHP Code:

$newusertitle_stripped = htmlspecialchars($newusertitle);

go to
vbplaza/action.changeusertitle.php (line 87)
PHP Code:

$newusertitle_stripped = strip_tags($newusertitle);

make that
PHP Code:

$newusertitle_stripped = htmlspecialchars($newusertitle);

go to
vbplaza/action.donate.php (line 164)
PHP Code:

$action['reason'] = strip_tags($action['reason']);

make that
PHP Code:

$action['reason'] = htmlspecialchars($action['reason']);

go to
vbplaza/action.gift.php (line 209)
PHP Code:

$action['giftmessage'] = strip_tags($action['giftmessage']);

make that
PHP Code:

$action['giftmessage'] = htmlspecialchars($action['giftmessage']);

go to
vbplaza/action.ribbons.php (line 218)
PHP Code:

$action['ribbonmessage'] = strip_tags($action['ribbonmessage']);

make that
PHP Code:

$action['ribbonmessage'] = htmlspecialchars($action['ribbonmessage']);

The above fixes one part of the exploit. Of course there might be other issues involved also; I am still looking around and maybe others are also.

Please note that there might be other code areas that can be exploited also which I don't know yet. Don't think you are safe just by doing the above. The full exploit and what caused it has not been released so all this is guesswork to find the vulnerable part. (btw if this was not one part of exploit, even then it should be in part of the fix as the original code above can be exploited. I just looked at the code and saw this cos the original poster had mentioned something to do with pm text.) Wait for an official fix or at least don't blame me :D

For those using this fix, I have discovered that when you change this:

Quote:

go to your vbplaza folder, find occurrences of the following:
includes/function_vbplaza.php
find around line 152(depending on the version you have)

PHP Code:

$message = strip_tags($message);

make that
PHP Code:

$message = htmlspecialchars($message);


when a user quotes another user, instead of them getting 3 or 5 vbBux (whatever you have set) for a regular reply, it in fact gives them 50+ for each quote

Acers, any idea why this would cause that?
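
As an added example (not part of any post in this thread, and not vbPlaza code): a side-by-side of `strip_tags()` and `htmlspecialchars()`, the two calls swapped in the quoted temporary fix, run over constructed sample strings. The function name `compare_cleaners`, the constant `RAW_SPECIALS` and the samples are assumptions made for illustration.

```php
<?php
// Added illustration, not vbPlaza code. All inputs are constructed samples.

// Characters that change HTML structure if they reach a page unencoded.
const RAW_SPECIALS = '/[<>"\']/';

/**
 * Run one input through both cleaners named in the thread and report
 * what each one leaves behind.
 */
function compare_cleaners(string $input): array
{
    $stripped = strip_tags($input);
    // ENT_QUOTES also encodes single quotes; before PHP 8.1 the default
    // flags (ENT_COMPAT) left single quotes untouched.
    $encoded = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

    return [
        'stripped'      => $stripped,
        'stripped_raw'  => preg_match(RAW_SPECIALS, $stripped) === 1,
        'encoded'       => $encoded,
        'encoded_raw'   => preg_match(RAW_SPECIALS, $encoded) === 1,
        'length_growth' => strlen($encoded) - strlen($input),
    ];
}

$samples = [
    'Thanks for the help',       // nothing to clean
    '<b>bold</b> thanks',        // markup: both cleaners neutralise it
    'He said "thanks" & left',   // quotes and ampersand survive strip_tags()
    "it's a gift",               // single quote: needs ENT_QUOTES
];

foreach ($samples as $input) {
    $r = compare_cleaners($input);
    printf("input: %s\n", $input);
    printf("  strip_tags():       %s [raw specials left: %s]\n",
        $r['stripped'], $r['stripped_raw'] ? 'yes' : 'no');
    printf("  htmlspecialchars(): %s [raw specials left: %s, +%d bytes]\n",
        $r['encoded'], $r['encoded_raw'] ? 'yes' : 'no', $r['length_growth']);
}

// Encoding is not idempotent: a value encoded when stored and again when
// displayed shows literal entities, so encode once, at output.
$once  = htmlspecialchars('"thanks"', ENT_QUOTES, 'UTF-8');
$twice = htmlspecialchars($once, ENT_QUOTES, 'UTF-8');
printf("once: %s\ntwice: %s\n", $once, $twice);
```

`strip_tags()` leaves quote characters in place, which matters whenever the cleaned value ends up inside an HTML attribute. `htmlspecialchars()` lengthens any text containing quotes or ampersands, so code that measures a message after cleaning sees a different length than before.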

giovannicosta 02-24-2007 12:21 PM

when I click the link in the first post it says I don't have permission to access it

Shazz 02-24-2007 12:41 PM

Quote:

Originally Posted by giovannicosta (Post 1189653)
when I click the link in the first post it says I don't have permission to access it

:mad:

It's currently removed from vB.org until the exploit is either fixed or a new version comes out

tfusion 02-24-2007 01:17 PM

arghh... Wish I could find a download for it...

I heard it's only the PM part of the vbplaza that has the problem..

Black Widow 02-24-2007 04:19 PM

can someone give me a download link of this hack so i can try to find a fix?

Shazz 02-24-2007 04:32 PM

Quote:

Originally Posted by tfusion (Post 1189683)
arghh... Wish I could find a download for it...

I heard it's only the PM part of the vbplaza that has the problem..

Donation part :|

katilkuzu 02-27-2007 12:06 AM

Quote:

Originally Posted by Black Widow (Post 1189795)
can someone give me a download link of this hack so i can try to find a fix?

also i need, i wanna try it

thank you

Acers 02-27-2007 12:50 AM

Quote:

Originally Posted by Shazz (Post 1189806)
Donation part :|

No, it's not just the donations part, there are other areas also.
Quote:

Originally Posted by Greek_Wizard
when a user quotes another user, instead of them getting 3 or 5 vbBux (whatever you have set) for a regular reply, it in fact gives them 50+ for each quote

Acers, any idea why this would cause that?

I have that option disabled, I will have a look. Try using the second round of fixes I had given, not the first one. They would use vBulletin's own cleaning class.

Shazz 02-27-2007 02:00 AM

Quote:

Originally Posted by Acers (Post 1191577)
No, it's not just the donations part, there are other areas also.

I have that option disabled, I will have a look. Try using the second round of fixes I had given, not the first one. They would use vBulletin's own cleaning class.

Other areas such as...
Is there a list?

I mean, you don't need to show where the exploit is or anything, just give us areas

Acers 02-27-2007 11:45 AM

Well, just see what part of the donation can be exploited and see where else it occurs. There are, at last count, 7 areas. (I had missed one but Mysticales suggested a new one)
Well, there is no list cos this is as much as we have found out looking at the code.

JBMoney 02-28-2007 02:31 PM

Does anyone have a distribution zip of this last version that they can forward on to me?

I recently did a lot of upgrading, lost my copy and I need to do some work with it, with or without bugs.

PM me if you do. Thanks.

Zia 03-01-2007 05:23 AM

Quote:

Originally Posted by JBMoney (Post 1192671)
Does anyone have a distribution zip of this last version that they can forward on to me?

I recently did a lot of upgrading, lost my copy and I need to do some work with it, with or without bugs.

PM me if you do. Thanks.

I will try.
I guess vB doesn't have any objection to it.

jheigl 03-01-2007 12:55 PM

i also need a version if anyone can send it to me

Shazz 03-01-2007 02:57 PM

They closed and removed the thread temp. for a reason -.-

JBMoney 03-02-2007 01:51 PM

Quote:

Originally Posted by Shazz (Post 1193393)
They closed and removed the thread temp. for a reason -.-

HEY! Looks like you've read the thread too!!! :up:

VBUsers 03-03-2007 05:12 AM

hope this gets fixed soon.


All times are GMT.