vb.org Archive
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vbBux / vbPlaza (https://vborg.vbsupport.ru/forumdisplay.php?f=171)
-   -   Security hole in attachment downloads for points. (https://vborg.vbsupport.ru/showthread.php?t=116176)

Bernd 05-20-2006 05:05 PM
Security hole in attachment downloads for points.
 
Personally I tend to copy and paste links from the attachment manager into the text editor to link attachment downloads and i've come across the following issue.

Links in the attachment manager after upload are structured like the example below.

Code:
http://yoursite/forum/attachment.php?attachmentid=137&stc=1&d=1137783349
An equivalent link without stc=1 will substract the points or show the purchase attachment template.

If you use the links with STC=1, they will be available for free...anybody who knows this can download anything for free, no matter the amount of points needed.

I believe the issue can be easily fixed, but I'm not a php expert.
If i'm not mistaken the file to be fixed is plugins/vbplaza_attachment_start.php.

I have a shop built around vbplaza and would love to have this fixed since we are about to launch in a few days.

fly 05-22-2006 11:22 AM
Ooops, that's not good.

Bernd 05-22-2006 11:57 AM
nope, it ain't :P

Ntfu2 05-22-2006 02:09 PM
I fail to see how this is a "security" hole?

fly 05-22-2006 02:13 PM
Quote:
Originally Posted by Ntfu2
I fail to see how this is a "security" hole?
If we're splitting hairs, would you prefer the term exploit?

Ntfu2 05-22-2006 02:16 PM
Security hole: In computer software, a security vulnerability is a software bug that can be used deliberately to violate security.

Exploit sounds better :D

fly 05-22-2006 02:24 PM
Quote:
Originally Posted by Ntfu2
Security hole: In computer software, a security vulnerability is a software bug that can be used deliberately to violate security.

Exploit sounds better :D
Lets discuss why BSD is better than Linux now too! kekekekeke :banana:

Bernd 05-22-2006 04:15 PM
Exploit then...sorry that i didn't use the correct terminology. none the less, it is a hole in the bit of code that checks if an attachment should be paid for :P. Call it exploit, hole, security exploit or security hole for my part. It's one thing for certain...it's annoying as hell...or heaven, depending on your 'religious' preferences.

Hornstar 05-23-2006 12:32 AM
Quote:
Originally Posted by Bernd
Exploit then...sorry that i didn't use the correct terminology. none the less, it is a hole in the bit of code that checks if an attachment should be paid for :P. Call it exploit, hole, security exploit or security exploit for my part. It's one thing for certain...it's annoying as hell...or heaven, depending on your 'religious' preferences.

amen :banana:

Quarterbore 05-31-2006 06:44 PM
So, has anybody recoded this to use a POST instead of a GET? This is a simple fix from 1st look....


All times are GMT. The time now is 07:48 AM.
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01002 seconds
  • Memory Usage 1,729KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete