vb.org Archive
Page 7 of 15 « First 56 7 89 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Miscellaneous Hacks - Cyb - Login To User Account (https://vborg.vbsupport.ru/showthread.php?t=201286)

Phobos49 04-09-2009 07:20 AM
Did somebody already cross check versions 3.7, 3.6 and 3.5 if they have the same heavy bug?

btw: every admin using this AddOn should be informed "asap" by eMail as soon as Cybernetec or vb-Admin has confirmed this bug.

Phobos49 04-09-2009 07:47 AM
Here I go again...

Seems like we have a worst-case-scenario... :( I just tried to "hijack" an admin account of a forum postet in the signatur of an user using the 3.7-Version.

Unfortunatly, I was successfull...
I now have full access of his forum! Don't worry - I will not do any harm!

ADMINs! Please remove all versions of this AddOn & inform every admin to disable this AddOn as soon as possible!
If vb-Admins would like to test hijacking forums - send PN an I'll give you some links to vunerable forums. There you can hijack any account you want. Unbelivable!!!! :mad::down:

TheCatcher 04-09-2009 08:15 AM
Confirm the Phobos49 called Bug!

Sweeks 04-09-2009 08:51 AM
Told you it wasnt impossible :D The only mod that does the same and seems secure right now is:

https://vborg.vbsupport.ru/showthread.php?t=168819
________
FISTING MILF

rmxs 04-14-2009 11:06 AM
I think now the problem fixed :P

KURTZ 04-14-2009 11:09 AM
changelog?

sturdy 04-14-2009 11:10 AM
Im currently using this hack for my forum. But how is it possible that somebody easily uses the url ? Does he need an account on the forum or which way does it work ?

-=Leb=- 04-14-2009 11:33 AM
a confirmation from cyb will be nice.
Sorry if i ask Cyb, is this mod safe now? can i install it?

-=Leb=- 04-14-2009 11:35 AM
if this mod safe now, plz edit phobos post above!

Phobos49 04-14-2009 11:53 AM
Quote:
Originally Posted by Leb (Post 1790967)
if this mod safe now, plz edit phobos post above!
Why? Version 2.2 ist absolutly unsafe!

Version 2.3 should be safe now (did not test myself yet).

But every admin MUST updated to 2.3 to secure his forum!

So I am not going to edit my posting.


All times are GMT. The time now is 02:54 PM.
Page 7 of 15 « First 56 7 89 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02574 seconds
  • Memory Usage 1,734KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete