vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   uCash & uShop (https://vborg.vbsupport.ru/forumdisplay.php?f=100)
-   -   uCash & uShop old support and thank you thread (https://vborg.vbsupport.ru/showthread.php?t=73736)

FrOgZ 04-22-2004 03:48 AM

g0g0g0 fix before they abuse it more :(

poetic 04-22-2004 11:10 AM

Well can anyone figure out why alot of us get NO actions Found ??? HeyFrogz its flyeyes :-p

GenSec 04-22-2004 01:21 PM

Quote:

Originally Posted by poetic
Well can anyone figure out why alot of us get NO actions Found ??? HeyFrogz its flyeyes :-p

Just be carefull adding code in global.php.
It should be placed near the end of global.php file.

lasto 04-22-2004 02:03 PM

Quote:

Looks like someone found a loophole in a script somewhere, and they're executing SQL through it. Be glad they're not doing a "DROP TABLE `post`" or anything like that
so whats the crack with the users runing a sql query - which i dont understand really as how can members gain access to the database by way of the store?
If so this is a serious problem for any of us using this hack and as such i have disabled the store for use by members till this problem is sorted or until im told it is`nt the store that has the problem.

poetic 04-22-2004 04:55 PM

well now that i think of it I think i already had this installed at one time on these files and just redid the styles so the tempaltes reset so im wondering why it isnt working because it was working before so i might be a problem with the warn.php or the html you put in the postbit

FrOgZ 04-22-2004 09:46 PM

try updating vB :O

lasto 04-23-2004 12:25 AM

Is there a potential problem with this store or not ?

Feedback to a problem like this is nessecary for every member who may wish to install it or has done.

https://vborg.vbsupport.ru/showpost....&postcount=676

sabret00the 04-23-2004 08:43 AM

yup that's a very serious problem

dieKetzer 04-23-2004 01:48 PM

somebody gonna address this? this is an important question for a few of us...
Quote:

Originally Posted by lasto
so whats the crack with the users runing a sql query - which i dont understand really as how can members gain access to the database by way of the store?
If so this is a serious problem for any of us using this hack and as such i have disabled the store for use by members till this problem is sorted or until im told it is`nt the store that has the problem.


Reeve of shinra 04-23-2004 02:22 PM

How is thsi exploited?


All times are GMT. The time now is 04:21 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03195 seconds
  • Memory Usage 1,735KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (5)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete