vb.org Archive

talenak 07-25-2007 09:31 PM

VBPager
 
Is there any information about the vulnerability? I'd like a little info to figure out what the risk is. My forum is STILL reeling from losing vbplaza and now they are going to friggin riot. lol

I just want to know what I'm getting myself into if I keep it, or if I need to just hold my breath and jump in the croc pond and uninstall it.

Kirk Y 07-25-2007 09:54 PM

We cannot disclose the nature of its vulnerabilities as this information could be used to exploit boards who have not disabled or uninstalled it.

budswope 07-25-2007 10:09 PM

I cannot download the zip for vbpager. I can't seem to find it on my computer either. I have uninstalled the product but I want to be sure I revert all the template edits and delete all the files but I need the zip to do it. How can I get it?

talenak 07-25-2007 10:40 PM

Right Kirk, I don't want to know HOW to do it. Just what they can do to my forum if they know the exploit.

Like, can they delete posts? Members? Steal cookies? That kind of thing.

Kirk Y 07-25-2007 10:42 PM

I haven't looked at each and every find for that specific release, but to my knowledge one could conceivably retrieve sensitive information from the database and have it "paged" to them, ironically enough.

MorrisMcD 07-27-2007 02:23 PM

Quote:

Originally Posted by Kirk Y (Post 1301712)
I haven't looked at each and every find for that specific release, but to my knowledge one could conceivably retrieve sensitive information from the database and have it "paged" to them, ironically enough.

Good enough for me to shut it off.. and keeping it a secret is the best idea.. It makes the vulnerability worse if you start publishing what it does

Dismounted 07-28-2007 11:25 AM

Here's the readme, for those who need it:
Quote:

/*======================================================================*\
|| #################################################################### ||
|| # vB Pager 3.0.4 for vBulletin 3.5.x # ||
|| #-------------------------------------------------------------------------------------------------------------------------# ||
|| # Copyright ©2000–2005 WwW.UAEWEB.COM All Rights Reserved. # ||
|| # This file may not be redistributed in whole or significant part. # ||
|| #----------------------------- VBULLETIN IS NOT FREE SOFTWARE -------------------------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/

vB Pager is a text-based instant messaging system over the community between members.
For more information and updates, visit: https://vborg.vbsupport.ru/showthread.php?t=104609

#############################################################################
############################# New Installation ###################################
#############################################################################

Step 1. Upload all the files from the "files" directory in this zip into your forum directory.
Step 2. Import product-pager.xml as a new product.
Step 3. Edit templates as instructed below.

#############################################################################
############################## TEMPLATE EDITS ###############################
#############################################################################

In the template: MEMBERINFO
=============================
FIND
=============================
<if condition="$show['pm']">
<tr>
<td>
$vbphrase[private_message]:<br />
<a href="private.php?$session[sessionurl]do=newpm&amp;u=$userinfo[userid]" rel="nofollow"><phrase 1="$userinfo[username]">$vbphrase[send_private_message_to_x]</phrase></a>
</td>
</tr>
</if>
=============================
BELOW ADD
=============================
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 1 ] -->
<if condition="$vboptions['vbpager_active'] AND $bbuserinfo['userid']">
<tr>
<td>
$vbphrase[pager_vbpager]:<br />
<a href="#" onclick="window.open('pager.php?do=buddylist&amp;puserid=$userinfo[userid]','pagerbuddylist','statusbar=no,menubar=no,toolbar=no,scrollbars=yes,resizable=yes,width=$vboptions[vbpager_width],height=$vboptions[vbpager_height]'); return false;"><phrase 1="$userinfo[username]">$vbphrase[pager_send_pager_message_to_x]</phrase></a>
</td>
</tr>
</if>
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 1 ] -->
=============================


In the template: modifyoptions
=============================
FIND
=============================
$customfields[messaging]
=============================
ABOVE ADD
=============================
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 2 ] -->
<if condition="$show['pager']">
<fieldset class="fieldset">
<legend><label for="cb_pageroption">$vbphrase[pager_vbpager]</label></legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0" width="100%">
<tr>
<td>
$vbphrase[pager_features_pager_messaging_system]
</td>
</tr>
<tr>
<td><label for="cb_pageroption"><input type="checkbox" name="pageroption" value="1" id="cb_pageroption" onclick="toggle_disabled(this.checked, 'pageroptiontbody')" $checked[pageroption] />$vbphrase[pager_enable_pager_messaging]</label></td>
</tr>
<tbody id="pageroptiontbody"<if condition="!$bbuserinfo[pageroption]"> disabled="disabled"</if>>
<tr>
<td><br />$vbphrase[pager_features_pager_messaging_from_buddylist]</td>
</tr>
<tr>
<td><label for="cb_pagerbuddyoption"><input type="checkbox" name="pagerbuddyoption" value="1" id="cb_pagerbuddyoption" $checked[pagerbuddyoption] />$vbphrase[pager_enable_pager_messaging_from_buddylist]</label></td>
</tr>
<if condition="$vboptions['vbpager_playsound']">
<tr>
<td><label for="cb_pagersoundoption"><input type="checkbox" name="pagersoundoption" value="1" id="cb_pagersoundoption" $checked[pagersoundoption] />$vbphrase[pager_enable_pager_sound_notification]</label></td>
</tr>
</if>
</tbody>
</table>
</fieldset>
<else />
<input type="hidden" name="pageroption" value="$bbuserinfo[pageroption]" />
<input type="hidden" name="pagerbuddyoption" value="$bbuserinfo[pagerbuddyoption]" />
<input type="hidden" name="pagersoundoption" value="$bbuserinfo[pagersoundoption]" />
</if>
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 2 ] -->
=============================

In the template: navbar
=============================
FIND
=============================
<if condition="$show['pmstats']"><br /><phrase 1="$vbphrase[unread_x_nav_compiled]" 2="$vbphrase[total_x_nav_compiled]" 3="$session[sessionurl_q]">$vbphrase[private_messages_nav]</phrase></if>
=============================
BELOW ADD
=============================
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 3 ] -->
<if condition="$show['pager']"><br /><a href="#" onclick="window.open('$vboptions[bburl]/pager.php?action=pager&do=log&folder=inbox','pagerinbox','statusbar=no,menubar=no,toolbar=no,scrollbars=yes,resizable=yes,width=650,height=500'); return false;">$vbphrase[pager_pager_messages]</a><phrase 1="$bbuserinfo[pagerunread]" 2="$bbuserinfo[pagertotal]">$vbphrase[pager_messages_nav_x_y]</phrase></if>
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 3 ] -->
=============================

FIND
=============================
<tr><td class="vbmenu_option"><a href="#" onclick="window.open('misc.php?$session[sessionurl]do=buddylist&amp;focus=1','buddylist','statusbar=no,menubar=no,toolbar=no,scrollbars=yes,resizable=yes,width=250,height=300'); return false;">$vbphrase[open_buddy_list]</a></td></tr>
=============================
BELOW ADD
=============================
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 4 ] -->
<tr><td class="vbmenu_option"><a href="#" onclick="window.open('$vboptions[bburl]/pager.php?$session[sessionurl]do=buddylist','pagerbuddylist','statusbar=no,menubar=no,toolbar=no,scrollbars=yes,resizable=yes,width=$vboptions[vbpager_width],height=$vboptions[vbpager_height]'); return false;">$vbphrase[pager_open_vbpager]</a></td></tr>
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 4 ] -->
=============================

In the template: footer
=============================
FIND
=============================
<script type="text/javascript">
<!--
// Main vBulletin Javascript Initialization
vBulletin_init();
//-->
</script>
=============================
BELOW ADD
=============================
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 5 ] -->
$pagermessage
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 5 ] -->
=============================

In the template: postbit (Optional)
=============================
FIND:
=============================
<if condition="$show['reputationlink']"><a href="reputation.php?$session[sessionurl]p=$post[postid]" rel="nofollow"><img class="inlineimg" src="$stylevar[imgdir_button]/reputation.gif" alt="<phrase 1="$post[username]">$vbphrase[add_to_xs_reputation]</phrase>" border="0" /></a> &nbsp;</if>
=============================
Add BELOW:
=============================
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 6 ] -->
<if condition="$vboptions['vbpager_active'] AND $bbuserinfo[userid]">
<a href="#" onclick="window.open('pager.php?do=buddylist&amp;puserid=$post[userid]','pagerbuddylist','statusbar=no,menubar=no,toolbar=no,scrollbars=yes,resizable=yes,width=$vboptions[vbpager_width],height=$vboptions[vbpager_height]'); return false;"><img class="inlineimg" src="$stylevar[imgdir_statusicon]/vbpager_icon.gif" alt="<phrase 1="$post[username]">$vbphrase[pager_send_pager_message_to_x]</phrase>" border="0" /></a> &nbsp;</if>
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 6 ] -->
=============================

In the template: postbit_legacy (Optional)
=============================
FIND:
=============================
<if condition="$show['reputationlink']"><a href="reputation.php?$session[sessionurl]p=$post[postid]" rel="nofollow"><img class="inlineimg" src="$stylevar[imgdir_button]/reputation.gif" border="0" alt="<phrase 1="$post[username]">$vbphrase[add_to_xs_reputation]</phrase>" /></a></if>
=============================
Add BELOW:
=============================
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 7 ] -->
<if condition="$vboptions['vbpager_active'] AND $bbuserinfo['userid']">
<a href="#" onclick="window.open('pager.php?do=buddylist&amp;puserid=$post[userid]','pagerbuddylist','statusbar=no,menubar=no,toolbar=no,scrollbars=yes,resizable=yes,width=$vboptions[vbpager_width],height=$vboptions[vbpager_height]'); return false;"><img class="inlineimg" src="$stylevar[imgdir_statusicon]/vbpager_icon.gif" alt="<phrase 1="$post[username]">$vbphrase[pager_send_pager_message_to_x]</phrase>" border="0" /></a></if>
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 7 ] -->
=============================

#############################################################################
############################### EDITS END ###############################
#############################################################################

Step 4. From The Admincp, Edit vB Pager Options and Usergroup Permissions.
Step 5: Enjoy your new hack. And if you haven't already, click install at vBulletin.org.

#############################################################################
############################### Many thanks to #############################
#############################################################################

- nexialys, for his help with the design and style.
- Zero Tolerance and Andreas a.k.a. KirbyDE, for their vB 3.5 tutorials.

#############################################################################
################################### THE END #################################
#############################################################################
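
Added example, not part of the readme or of any poster's message: every template edit in the readme above sits between START HACK / END HACK comments, so reverting them after an uninstall can be checked mechanically. The Python sketch below assumes each template has been copied out of the style manager as plain text; the function names and the sample footer are constructed for illustration.

```python
import re

# Marker comments the readme wraps around each template edit, e.g.
# <!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 5 ] -->
MARKER = re.compile(
    r"<!--\s*\[(START|END) HACK='vB Pager'[^\]]*?CHANGEID=\s*(\d+)\s*\]\s*-->[ \t]*\r?\n?"
)
# Strings the readme's edits introduce; a survivor means a block lost its markers.
RESIDUE = ("pager.php", "$pagermessage", "vbpager_", "$show['pager']")


def strip_vbpager_edits(template):
    """Return (cleaned, removed_change_ids, problems).

    If markers are unbalanced the template is returned unchanged so it can be
    reviewed by hand instead of being half-edited.
    """
    kept, removed, problems = [], [], []
    pos, open_id = 0, None
    for m in MARKER.finditer(template):
        kind, change_id = m.group(1), int(m.group(2))
        if kind == "START" and open_id is None:
            kept.append(template[pos:m.start()])
            open_id = change_id
        elif kind == "END" and open_id == change_id:
            removed.append(change_id)
            pos, open_id = m.end(), None
        else:
            problems.append(f"unexpected {kind} marker for CHANGEID {change_id}")
    if open_id is not None:
        problems.append(f"CHANGEID {open_id} has START but no END")
    if problems:
        return template, [], problems
    kept.append(template[pos:])
    return "".join(kept), removed, problems


def residual_references(template):
    """List (line_number, line) pairs that still mention vB Pager code."""
    return [(n, line.strip()) for n, line in enumerate(template.splitlines(), 1)
            if any(token in line for token in RESIDUE)]


# Constructed sample: the footer template after the readme's CHANGEID 5 edit.
SAMPLE_FOOTER = """<script type="text/javascript">
<!--
// Main vBulletin Javascript Initialization
vBulletin_init();
//-->
</script>
<!-- [START HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 5 ] -->
$pagermessage
<!-- [END HACK='vB Pager' AUTHOR='UAEWEB.COM' VERSION='3.0.3' CHANGEID= 5 ] -->
<!-- rest of footer (constructed) -->
"""
```

Run residual_references() on the cleaned text as well: it catches edits whose marker comments were deleted while the pager link itself was left in place.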

Swampfox 07-30-2007 12:04 PM

Not asking for details about the vulnerability, I understand why they shouldn't be disclosed, I just have one basic question

In order to use the exploit, someone would have to have access to the pager system, correct? I'm thinking of limiting access to it to just a specific usergroup on my site, with only people I trust.

Dismounted 07-30-2007 12:10 PM

Yes, users need to be able to access the pager to actually use the vulnerability.

talenak 07-31-2007 02:06 AM

My members have voted unanimously to remove the security risk. So away it goes. Thank you for your answer Kirk!


All times are GMT. The time now is 10:40 PM.