vb.org Archive

MPDev 08-31-2006 10:12 PM

Warning to FlashChat users - security hole
 
GET /chat/inc/cmses/aedatingCMS.php?<exploit data>

Warning to users who use FlashChat - this script was just used to add an exploit script to my server.

Paul M 08-31-2006 10:37 PM

Please don't post full exploits where everyone can see them (and then go try them ....).

Anyone with Flashchat integrated with their VB should remove all the files from /chat/inc/cmses/ except the vbulletin##CMS.php file they are using (where ## is either 30, 35 or 36) as they are not used.

PamelaE 09-01-2006 11:38 PM

If you have already been 'hacked' into via this hole, then do you need to do anything additionally to resolve it?

Ascor 09-02-2006 12:28 AM

Thank you for the information, MPDev :)

FLMom 09-02-2006 02:37 AM

Quote:

Originally Posted by Paul M
Please don't post full exploits where everyone can see them (and then go try them ....).

Anyone with Flashchat integrated with their VB should remove all the files from /chat/inc/cmses/ except the vbulletin##CMS.php file they are using (where ## is either 30, 35 or 36) as they are not used.


Thanks Paul for this! I removed all files but the 30, 35, and 36 because I just wasn't sure which one I needed :surprised:

Ntfu2 09-02-2006 02:50 AM

FLMom

which version of vBulletin do you use?

I'd assume 30 is for the 3.0.x series, 35 is for 3.5.x and 36 is for vBulletin 3.6

Hope that helps, and glad I don't have this anymore :D

jw00dy 09-02-2006 09:08 AM

Thanks for the heads up. I'm a nut about space, so these already didn't exist, but it's still great to know.

bashy 09-02-2006 09:43 AM

Cheers peeps...issues pre-resolved :)

steven s 09-02-2006 10:06 AM

Quote:

Originally Posted by FLMom
Thanks Paul for this! I removed all files but the 30, 35, and 36 because I just wasn't sure which one I needed :surprised:

Look in your chat directory /inc/config.php

Line 55 in my file
Code:

//your CMS system
'CMSsystem' => 'vbulletinXXCMS',// defaultCMS - default CMS, blank - stateless CMS
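
The cleanup Paul M describes and the config lookup steven s points to, combined into one read-only check (an added example, not part of the thread or of FlashChat's own code). It assumes the integration file in use is named after the CMSsystem value plus ".php"; the function names and the sample tree are constructed for illustration.

```shell
# Added example (not from the thread): list files under <chat_dir>/inc/cmses/
# that the configured CMSsystem does not use. Assumption: active file = "<value>.php".

# Print the CMSsystem value from inc/config.php (first uncommented match).
cms_in_use() {
    sed -n "s/^[[:space:]]*'CMSsystem'[[:space:]]*=>[[:space:]]*'\([A-Za-z0-9_]*\)'.*/\1/p" \
        "$1/inc/config.php" | head -n 1
}

# Print one path per line for every file in inc/cmses/ other than the active one.
# Returns 2 when the setting is blank or missing, 3 when the active file is absent.
list_unused_cms() {
    chat_dir=$1
    active=$(cms_in_use "$chat_dir")
    if [ -z "$active" ]; then
        echo "CMSsystem is blank or not found; not guessing" >&2
        return 2
    fi
    if [ ! -f "$chat_dir/inc/cmses/$active.php" ]; then
        echo "configured file $active.php is missing" >&2
        return 3
    fi
    for f in "$chat_dir"/inc/cmses/*; do
        [ -f "$f" ] || continue
        [ "$(basename "$f")" = "$active.php" ] && continue
        printf '%s\n' "$f"
    done
}

# Constructed sample tree so the check can be tried offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/inc/cmses"
    printf "%s\n" "<?php" "//your CMS system" \
        "'CMSsystem' => 'vbulletin36CMS',// defaultCMS - default CMS" > "$d/inc/config.php"
    for n in aedatingCMS vbulletin30CMS vbulletin35CMS vbulletin36CMS; do
        : > "$d/inc/cmses/$n.php"
    done
    printf '%s\n' "$d"
}

# Usage: sh check.sh /path/to/chat   (or --demo for the constructed tree)
case "${1:-}" in
    "") ;;
    --demo) tree=$(make_sample_tree) && list_unused_cms "$tree"; rm -rf "$tree" ;;
    *) list_unused_cms "$1" ;;
esac
```

The script only prints candidates; review the list before removing anything.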


Rebecca217 09-02-2006 11:26 AM

Thanks for posting the fix, Paul. :)

Rebecca

