vb.org Archive


Gio~Logist 12-20-2004 11:10 PM

Attention Everyone
 
I don't know if it has come to anyone's attention, but I have been trying to hack my own site and mess with it myself to see if there are any security holes on vB that I can fix to protect myself. I'm here trying all this high-tech stuff when I notice that a simple little code in your signature can make the site redirect wherever you post.

<head>

<META HTTP-EQUIV="refresh" content="2;URL=http://www.************.com">

</head>

Inserting that in your signature when HTML sigs are available will make the site redirect.

Now that I know how to DO it, is there any way to STOP PEOPLE FROM DOING IT!!?!?!?

cinq 12-20-2004 11:31 PM

disable html ?

Caiman 12-20-2004 11:32 PM

Quote:

Originally Posted by cinq
disable html ?

Quite, I didn't know ANYONE still allowed HTML in signatures :rolleyes:

Gio~Logist 12-20-2004 11:58 PM

Yes, I did that, but now I don't feel like going and making a vB code for all these different codes that members like to use in profiles, like drop-downs and all of that.

And half of the rap boards allow HTML in their sigs, which is dumb cuz rap boards are the boards that get hacked the most.

filburt1 12-21-2004 12:27 AM

Quote:

Originally Posted by gio~logist
And half of the rap boards allow HTML in their sigs, which is dumb cuz rap boards are the boards that get hacked the most.

Put 2-and-2 together. There's a reason the only bolded part in a description in vB's admin CP is to keep HTML off.

Gio~Logist 12-21-2004 12:39 AM

Indeed, my site is safe; this is not about my site. It's for other sites, so I can tell them a way to be secure without having to disable HTML.

If there is a way.....

Reeve of shinra 12-21-2004 12:46 AM

bbcode ?!?

Gio~Logist 12-21-2004 01:33 AM

Quote:

Originally Posted by Reeve of shinra
bbcode ?!?


what?

Dean C 12-21-2004 10:42 AM

It clearly says in the admincp that HTML should be turned on with moderation as it's a security risk, as in you should keep a close eye on who uses it.

deathemperor 12-21-2004 11:59 AM

Quote:

Originally Posted by Reeve of shinra
bbcode ?!?

He meant you can try replacing HTML code with BBCode. That's the only way.

Gio~Logist 12-21-2004 12:06 PM

Quote:

Originally Posted by deathemperor
He meant you can try replacing HTML code with BBCode. That's the only way.


Yeah, I was thinking of that, and I can come up with a BBCode for pretty much any HTML code EXCEPT things like drop-down boxes. It is clearly impossible to make a BBCode for that.

The reason I made this thread was because most of the forums I'm at allow HTML. Then again, these are all rap boards... Anyways, I see you guys have this situation under control in your forums, so my help was just a little useless lol. You guys can close this thread if you'd like.

AN-net 12-21-2004 04:43 PM

You can make a BBCode called [dropdown] and then make a BBCode called [option], and that's all you need for a drop-down ;)

Erwin 12-21-2004 08:14 PM

Quote:

Originally Posted by gio~logist
I don't know if it has come to anyone's attention, but I have been trying to hack my own site and mess with it myself to see if there are any security holes on vB that I can fix to protect myself. I'm here trying all this high-tech stuff when I notice that a simple little code in your signature can make the site redirect wherever you post.

<head>

<META HTTP-EQUIV="refresh" content="2;URL=http://www.************.com">

</head>

Inserting that in your signature when HTML sigs are available will make the site redirect.

Now that I know how to DO it, is there any way to STOP PEOPLE FROM DOING IT!!?!?!?

The moment you enable HTML, your forums are no longer secure.

Gio~Logist 12-21-2004 09:53 PM

Quote:

Originally Posted by AN-net
You can make a BBCode called [dropdown] and then make a BBCode called [option], and that's all you need for a drop-down ;)


And the replacement code will be what? lol
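
Added example, not part of the original thread and not vBulletin's own code: one way the [dropdown] and [option] BBCode suggested above could be rendered, so members get drop-downs while raw HTML such as the META refresh from the first post is escaped and shown as text. The function names and the sample signatures are constructed for illustration.

```python
import html
import re

# Constructed sample signatures (not taken from a real board).
SIG_BBCODE = "[dropdown][option]Rap[/option][option]R&B[/option][/dropdown]"
SIG_REDIRECT = ('<head><META HTTP-EQUIV="refresh" '
                'content="2;URL=http://example.invalid/"></head>')

# One [dropdown]...[/dropdown] block and the [option] tags inside it.
DROPDOWN_RE = re.compile(r"\[dropdown\](.*?)\[/dropdown\]", re.I | re.S)
OPTION_RE = re.compile(r"\[option\](.*?)\[/option\]", re.I | re.S)


def render_dropdown(match):
    """Build a <select> from the [option] tags inside one [dropdown]."""
    options = OPTION_RE.findall(match.group(1))
    if not options:
        # No valid options: leave the already-escaped text as it is.
        return match.group(0)
    # Option text was escaped before this runs, so it cannot add markup.
    items = "".join(f"<option>{text.strip()}</option>" for text in options)
    return f"<select>{items}</select>"


def render_signature(raw):
    """Escape all member-supplied HTML, then expand allowlisted BBCode."""
    # Step 1: neutralise every tag the member typed, <META> included.
    escaped = html.escape(raw, quote=True)
    # Step 2: the only markup in the output comes from the fixed
    # templates in render_dropdown, never from the member's input.
    return DROPDOWN_RE.sub(render_dropdown, escaped)


if __name__ == "__main__":
    print(render_signature(SIG_BBCODE))
    print(render_signature(SIG_REDIRECT))
```

The order matters: escaping first and expanding BBCode second means a tag typed inside [option] is displayed as text rather than interpreted by the browser.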

moethelawn 12-22-2004 08:31 PM

Quote:

Originally Posted by gio~logist
I don't know if it has come to anyone's attention, but I have been trying to hack my own site and mess with it myself to see if there are any security holes on vB that I can fix to protect myself. I'm here trying all this high-tech stuff when I notice that a simple little code in your signature can make the site redirect wherever you post.

<head>

<META HTTP-EQUIV="refresh" content="2;URL=http://www.************.com">

</head>

Inserting that in your signature when HTML sigs are available will make the site redirect.

Now that I know how to DO it, is there any way to STOP PEOPLE FROM DOING IT!!?!?!?

I knew that even before I had my own vB forum (no, I didn't use the html code either :P)

James T Brock 12-22-2004 09:51 PM

Allowing HTML automatically makes your forum insecure. The only reason I can think of to allow HTML on a forum is if your board is a small private community. Otherwise you're just asking for trouble.

Gio~Logist 12-25-2004 03:13 AM

Quote:

Originally Posted by moethelawn
I knew that even before I had my own vB forum (no, I didn't use the html code either :P)


So did I, I just didn't know that vB allowed it; I thought it was protected not to allow it or something.

filburt1 12-25-2004 04:20 AM

Quote:

Originally Posted by gio~logist
So did I, I just didn't know that vB allowed it; I thought it was protected not to allow it or something.

Not when you specifically turn it on...it's off by default everywhere.

