vb.org Archive
Page 1 of 9 1 23 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Administrative and Maintenance Tools - Fix-it: Template Edition (https://vborg.vbsupport.ru/showthread.php?t=220967)

GeekyDesigns 08-14-2009 10:00 PM
Fix-it: Template Edition
 
1 Attachment(s)
A common method of defacing vBulletin sites is to edit the parsed template html directly via the database. It makes it harder for administrators to find the issue, and can be a pain in the ass to cleanup if you're not familiar with working with the database.

This tool will make it easier to clean your defaced site.

What it does:
Checks all of the templates in the database:
- Makes a new compiled version from the uncompiled template.
- Compares the current compiled template to the new compiled template
- If they differ, it updates the template, then rebuilds all of the styles.

How do you use it?
- Upload to your admincp, modcp, install, or root forums folder
- Browse to it
- Let it run
- Delete tool_recompiler.php after you are done using it.

This tool now works on vB3 and vB4.

vB4 Thread

BigDog56 08-15-2009 08:46 PM
Ok, but how does someone without access the the database able to do this to begin with? (Forgive me here, I don't mean to be stupid. But If I don't ask, I won't learn. :o)

Zachery 08-15-2009 08:55 PM
Quote:
Originally Posted by BigDog56 (Post 1868132)
Ok, but how does someone without access the the database able to do this to begin with? (Forgive me here, I don't mean to be stupid. But If I don't ask, I won't learn. :o)
They gain access on the server level, either though another account, or an exploit on a server.

RTMdotORG 08-15-2009 09:29 PM
Quote:
Originally Posted by Zachery (Post 1868136)
They gain access on the server level, either though another account, or an exploit on a server.
Will this mod tell us if we have exploits then? im confused...

Zachery 08-15-2009 09:33 PM
Quote:
Originally Posted by RTMdotORG (Post 1868149)
Will this mod tell us if we have exploits then? im confused...
No, it will repair the templates for you if you've been defaced by some random hacker group. I released the tool here because I thought people would like to have a tool to help them fix things.

RTMdotORG 08-15-2009 09:39 PM
But if it repairs templates, does it save previous template? basically...

Can it destroy a template just as easy as fix one?

Link14716 08-15-2009 09:49 PM
Here is the explanation behind how the template system and this tool works.

Templates are stored in two ways. There is the unparsed template, which you edit in the Admin CP. It is the template as you know it. Then, there is the parsed template, which is the template after it has been ran through a function to convert things like <if> tags into valid PHP parsable code.

A common method of defacing vBulletin forums is for a hacker to directly edit the parsed version of the template in the database, leaving the unparsed template alone. When you go to edit the template in the Admin CP, you won't see anything different, but the parsed version of the template has changed.

What this tool does is it takes all of the unparsed templates from the database and creates a new parsed version from it. If the newly generated parse is different than the parsed version currently in the database, it will update the template, overwriting the old, probably compromised, parsed template. This process is not "dangerous" in any way. If you run it on a normal, uncompromised forum, you won't see it updating any templates.

Zachery 08-15-2009 09:50 PM
No, it doesn't destory templates.

As explained already in the description, it checks the unprased template agasint the parsed template table. If the two don't match like they should, it takes your unparsed template and re-parses it and inserts it back into the database and removes the defacement.

RTMdotORG 08-15-2009 10:13 PM
Thanks to both of you...

erel34 08-15-2009 10:48 PM
thanks


All times are GMT. The time now is 12:51 AM.
Page 1 of 9 1 23 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01840 seconds
  • Memory Usage 1,736KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete