vb.org Archive

Thread: vBulletin 4.x Add-ons > Add-On Releases - gXboxLive - Xbox Live Leaderboard (https://vborg.vbsupport.ru/showthread.php?t=243493)

MegaManSec 09-26-2012 11:54 AM

Quote:

Originally Posted by CAG CheechDogg (Post 2368660)
I know about XSS Vulnerabilities but how high risk is this if we don't add that fix of yours?

Well, it's non-persistent, so it's not 100% harmful, but if somebody were to construct a URL, and get a mod, or an admin to click on it, they could steal your cookies, use it as their own, and they would be logged in as a mod / admin.
There are also more things they could do, exploit 0days in the browser etc.
I would recommend you apply my fix :)

CAG CheechDogg 09-26-2012 12:01 PM

Quote:

Originally Posted by loaep (Post 2368671)
Well, it's non-persistent, so it's not 100% harmful, but if somebody were to construct a URL, and get a mod, or an admin to click on it, they could steal your cookies, use it as their own, and they would be logged in as a mod / admin.
There are also more things they could do, exploit 0days in the browser etc.
I would recommend you apply my fix :)

Thank you for the explanation loaep, just wanted to gain some knowledge about what the risks were. I see you work in web security and it's good to see that you offer us vBulletin modification security checks.

Again thank you so much for that bit of knowledge!

EasyEazy 09-26-2012 12:06 PM

Quote:

Originally Posted by loaep (Post 2368654)
XSS Vulnerability Found.

gxboxlive.php:199: $pagenav = construct_page_nav($pagenumber, $perpage, $gxblcounts['usercount'], 'gxboxlive.php?do=getall', (!empty($sortfield) ? "&sortfield=$sortfield" : "") . (!empty($sortorder) ? "&sortorder=$sortorder" : ""));

OP's last activity was 2011 December, so I'm assuming it won't be fixed.

To fix it yourself, find these lines in gxboxlive.php
Code:

        $sortfield = $vbulletin->input->clean_gpc('r', 'sortfield', TYPE_STR);
        $sortorder = $vbulletin->input->clean_gpc('r', 'sortorder', TYPE_STR);

and add under it
Code:

        $sortfield = htmlspecialchars($sortfield);
        $sortorder = htmlspecialchars($sortorder);
Thank you for the update
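The fix quoted above, shown as an added example (not code from the gXboxLive add-on or from loaep's post): a hypothetical `build_sort_query()` mimics the concatenation on gxboxlive.php line 199, and `escape_sort_params()` applies the `htmlspecialchars()` fix so the output before and after can be compared on a constructed sortfield value.

```php
<?php
// Added example, not code from the gXboxLive add-on or from the thread.
// build_sort_query() is a stand-in for the query-string part that
// gxboxlive.php hands to construct_page_nav(); it is not a vBulletin function.

function build_sort_query(string $sortfield, string $sortorder): string
{
    // Same concatenation shape as the quoted gxboxlive.php line 199.
    return (!empty($sortfield) ? "&sortfield=$sortfield" : "")
         . (!empty($sortorder) ? "&sortorder=$sortorder" : "");
}

function escape_sort_params(string $sortfield, string $sortorder): array
{
    // The fix from the thread. ENT_QUOTES is passed explicitly here because
    // before PHP 8.1 the default flags did not encode single quotes.
    return [
        htmlspecialchars($sortfield, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($sortorder, ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample input: a sortfield value carrying a double quote and
// angle brackets, the characters a reflected value needs to leave the
// href="..." attribute that the page-nav template places it in.
$sortfield = 'gamerscore"><b>x</b>';
$sortorder = 'desc';

$unsafe = build_sort_query($sortfield, $sortorder);
[$sf, $so] = escape_sort_params($sortfield, $sortorder);
$safe = build_sort_query($sf, $so);

echo "unsafe: gxboxlive.php?do=getall$unsafe\n";
echo "safe:   gxboxlive.php?do=getall$safe\n";

// Regression check: after the fix no raw quote or angle bracket from the
// request reaches the template output.
assert(strpbrk($unsafe, '"<>') !== false);
assert(strpbrk($safe, '"<>') === false);
```

htmlspecialchars() covers the HTML attribute context the thread is concerned with; values placed into a URL query string would normally also be urlencode()d, which is a separate concern from the XSS fixed here.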

Hippy 09-26-2012 09:41 PM

I'm a little confused ..
you mean the total rep? That always displays 0

if you have a place I can come by and peek..
this would be great to get it working ..
as far as the post thanks..
there could be ..would be great to add a fix for the thanks mod and this one..
pm me..

Quote:

Originally Posted by CAG CheechDogg (Post 2368647)
Hippy, did you ever find a solution for the Reputation still showing (0) all the time?

I might have stumbled into something Hippy.

I use the Post Thank You Hack and it uses the following:

Varname $vbphrase[post_thanks_total_thanks]
Text Total Thanks

I changed that to something else and it reflected on the xbox live leaderboards as well changing the phrase for Reputation to what I changed it for the Post Thank You Hack as well. Could there be something connected here? I mean it shouldn't except for the phrase being the same, but it seems it is using the Post Thank You Hack's "reputation" phrase right?


CAG CheechDogg 09-26-2012 09:57 PM

@ Hippy

Correct Hippy, the Total Rep which always displays 0.

And as for my site just click on my Signature or go to www.cagclan.com , you had already tried to help me figure out the blank page issue but we had no luck remember?

I have been looking trying to figure out the Total Rep issue myself with no success. I tried to see how it called for it from xbox.com but still no luck.

CAG CheechDogg 09-26-2012 10:07 PM

@ Hippy

If we could get the template/code from this person's website, http://forums.3drealms.com/vb/gxboxlive.php, we might find a fix for the "total reputation" bug, it seems to be working on his site.

Hippy 09-26-2012 11:07 PM

Quote:

Originally Posted by CAG CheechDogg (Post 2368841)
@ Hippy

If we could get the template/code from this person's website, http://forums.3drealms.com/vb/gxboxlive.php, we might find a fix for the "total reputation" bug, it seems to be working on his site.

I pmed him... will see what he says :up:

CAG CheechDogg 09-26-2012 11:11 PM

Ok everyone this is very crazy! If you guys don't have your stars showing under "Reputation" it's because xbox.com had decided to once again change the location of the stars png image file.

To fix this go and open your gxbl_headinclude template and replace the url of the image from this:

http://gamercard.xbox.com/Content/Ga...Card_Icons.png

To this:

http://live.xbox.com/content/gamerca...Card_Icons.png


If you also added this to your headinclude template do the same changes.

CAG CheechDogg 09-26-2012 11:13 PM

Quote:

Originally Posted by Hippy (Post 2368854)
I pmed him... will see what he says :up:


Good stuff Hippy, I just ran into something I don't know if it was just me that reverted the templates or if indeed xbox.com again switched the urls of the stars png for the Reputation, but I posted it above just in case they did switch it again.

Hopefully he replies back. If he does you should ask him for a zipped package of all the files for the mod, good idea? Then we can compare them to ours.

Hippy 09-26-2012 11:13 PM

Quote:

Originally Posted by CAG CheechDogg (Post 2368838)
@ Hippy

Correct Hippy, the Total Rep which always displays 0.

And as for my site just click on my Signature or go to www.cagclan.com , you had already tried to help me figure out the blank page issue but we had no luck remember?

I have been looking trying to figure out the Total Rep issue myself with no success. I tried to see how it called for it from xbox.com but still no luck.

so what fixed the blank page ?
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.