The attached file is a patched version that will fix the security bug reported here:

http://www.securityfocus.com/bid/11658/info/
http://www.securitytracker.com/id?1012197
http://www.vbulletin.com/forum/showthread.php?t=120915
https://vborg.vbsupport.ru/showthread.php?t=71772

I AM getting error - you do not have permission to access this page.
whats the vb 3.x version of this hack :) ?

hello ,,

i just recive a message from some visitor , he said that this hack can allow others to get admin user & password if click on this link :

http://www.domain.com/last.php?fsel=...6%20LIMIT%201/

the full link is :

is this true ? i have noi idea ..

regards,

hi,
has anybody else had problems with the links if you select to show part of the post?
my links show up as [ U R L ] somedomain.com [ / u r l ] ie. in VB code so the link is not working at all :( can anybody help....

so in short does the Parses [ url ] work for everyone else????

cheers
Darren

Your file didn't work for me, but I'm on 3.0.5 now. The original file still works fine.

right im having a problem with this code
Thats on line 115 of the file

I assume it has something to do with the error is
Edit: the problem is only in the patched version

Dummy Inc. here. This php stuff is killing me :(


I installed the hack on both my localserver (running winXP, Apache for Windows) and my host. Both have SSI enabled. I get this very encouraging error message:

An error occurred while processing this directive

Very informative. Here's how my php10config looks:

---snip----

/////////////// CONFIG ///////////////
//
$path = "localhost/vbulletin/includes"; // path to your config.php file (usually in the /admin directory) - NO TRAILING SLASH! Do not include "config.php"
$url = "localhost/vbulletin"; // URL to your board - NO TRAILING SLASH!
$urlimg = "localhost/vbulletin/images/smilies"; // URL to your board's images - NO TRAILING SLASH!
$maxthreads = "10"; // max threads to show. will show less if $last24 or $last7 limits it to less results than this number
$ob = "lastpost"; // set to one of the following: replycount , views , lastposter , title , lastpost (lastpost is most popular. it's the thread most recently replied to, then the second-to-last most recent, etc.)
$obdir = "desc"; // which direction to sort? "desc" goes from bottom to top (9 to 1, z to a, etc.). "asc" goes top to bottom (1 to 9, a to z, etc.). if you use lastpost for $ob, leave this set to desc or it will not work correctly!
$last24 = "0"; // 1 = last 24 hours; 0 = all (must set this to 0 if $last7 is set to 1)
$last7 = "0"; // 1 = last 7 days; 0 = all (must set this to 0 if $last24 is set to 1)
$bc1 = "#696969"; // first alt color
$bc2 = "#5c5c5c"; // second alt color
$hc = "#999999"; // head background color
$lc = "#EEEEEE"; // link color
$tc = "#FFFFFF"; // text color
$f = "Verdana"; // font face
$fs = "8"; // font size in points - 8 is normal, 6 is on the small side, 10 on the large side. play around with it. :)
$lastposter = "0"; // show last poster? 1 = yes; 0 = no
$views = "0"; // show view count? 1 = yes; 0 = no
$replies = "0"; // show reply count? 1 = yes; 0 = no
$lastpostdate = "1"; // show last post date and time? 1 = yes; 0 = no
$len = 25; // maximum number of characters of the title to show. e.g. if the title is 60 characters and this is set to 25, only the first 25 characters of the title will be shown (followed by ...)
$excludeforums = ""; // if you want to exclude a forum, put it's ID here. more than one, seperate them with commas, NO SPACES! e.g. 1,2,3,4
$includeforums = ""; // if you only want to include certain forums, put their ids here. separate more than one with commas, NO SPACES! e.g. 1,2,3,4
$showmessages = "0"; // show the text of the last post too? 1 = yes; 0 = no
$lplen = "300"; // character length of last post text (if $showmessages is set to 0 this won't do anything).
$tw = ""; // width of the table that shows the info, in either a percent ( e.g. 95% ) or in pixels ( e.g. 300 ). leave blank if you want the table to be sized naturally
$showdate = "0"; // show the date, as well as the time? if the posts that show up in the list are likely to all be from today (or you set $last24 to "1"), you can set this to 0. if the posts are spread over multiple days, you probably want this set to 1.
$cs = "0"; // this is the cellspacing. 1 makes a thin line around the cells. 0 makes no line.
$showicon = "1"; // shows the posts' icon next to the post
$showforumtitle = "0"; // shows the forum title (linked to that forum) next to the thread title
$nb = "0"; // do you want breaks in text to appear as such? this may cause problems if there are large breaks in the text
//
///////////// END CONFIG /////////////

---- snip------

The simpletest.shtml I'm running to test is situated in the localhost/vbulletin directory and looks like this:

<HTML>
<HEAD>
<TITLE>Untitled Page</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
</HEAD>
<BODY>
<!--#include file="http://localhost/vbulletin/last10.php"-->

</BODY>
</HTML>


What do I do wrong???????? PS. Running vBulletin 3.0.5 (will update to 3.0.6 when or if I get this working)

Thanking bunches in advance for any help!!!!!

hi all,

this hack looks great, anyway I use VB 3.0.0 beta x, so the hack does not work for me :(

i need to put 1-2 links of new posts of 1 forum into another forum,
is there any most SIMPLE way?

Many thx for help.

How can I make this great hack work as well in VBadvance portal CMPS... what variables should I set in the default setting their for enabling this hach to work as well in my Poratl vbadvanced CMPS ?

this hacks awesome! thank you so much. my forum members absolutely love it.