vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Image BBCode Exploit of Sorts (https://vborg.vbsupport.ru/showthread.php?t=156794)

Andrew 09-01-2007 03:40 PM
Image BBCode Exploit of Sorts
 
On a forum that I'm managing, I'm having issues with a user posting links to the member's areas of porn sites in the URL portion of the image BBCode. Basically, he loads about twenty into his posts, and then anytime anyone loads the post, they're prompted to enter a password to a porn site twenty times (You can see how this adds up quickly with multiple posts in a single thread.) IP banning him isn't working, because his ISP gives him a new IP whenever he restarts his router, and I can't disable images altogether for obvious reasons. Would there be an easy way to filter links like that from being inserted into the image BBCode ? For instance, he's not linking to an image, just the URL to the backdoor like http://members.whatever.com. I guess I'm really wondering if there's a way I could force the image BBCode URL's to have an image type file extension like .jpg, .gif, or .png ?

EnIgMa1234 09-01-2007 03:48 PM
have you tried censoring the link?

Andrew 09-01-2007 04:02 PM
Yep, but he just keeps posting new ones.

EnIgMa1234 09-01-2007 04:20 PM
How you tried contacting his ISP?

Andrew 09-01-2007 06:34 PM
Quote:
Originally Posted by EnIgMa1234 (Post 1330203)
How you tried contacting his ISP?
Yes, but I can't get through to anybody that has any authority to do anything though. Plus, my entire board now knows about the exploit, so it's only a matter of time before the copycats come in and the whole place is in an uproar. I need a more permanent fix to the problem than just removing the lone user at this point in time.

After four hours of tinkering, I finally managed to craft a plugin that did the trick. If anyone else ever runs across the same problem, drop me a PM, and I'd be more than happy to send it to you.

EnIgMa1234 09-02-2007 02:13 AM
What does the plugin do?

Dean C 09-02-2007 09:29 AM
Have you tried using tachy goes to coventry? He'll think he's getting a reaction, when he isn't :)


All times are GMT. The time now is 12:16 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01869 seconds
  • Memory Usage 1,720KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete