vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Problem: cannot create user in 3.8.2 using data manager. (https://vborg.vbsupport.ru/showthread.php?t=242473)

enkord 05-14-2010 04:24 AM
Problem: cannot create user in 3.8.2 using data manager.
 
Hi all. I have a problem with 3.8.2. There is a small script used to add user to forum.


gunroxinterface.php:
PHP Code:
<?
define('VB_AREA', 'External');
define('SKIP_SESSIONCREATE', 1);
define('SKIP_USERINFO', 1);
define('CWD', '/home/gunrox/public_html/forum');
require_once(CWD . '/includes/init.php');  

$userdata=&datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
$userdata->set("username", $_GET['login']);
$userdata->set("email", $_GET['email']);
$userdata->set("password", $_GET['password']);
$userdata->set("usergroupid", 3);
$date=date("Y-m-d", mktime(0, 0, 0, $_GET['month'], $_GET['day'], $_GET['year']));
$userdata->set("birthday", $date);

if (sizeof($userdata->errors)>0 && trim(implode("", $userdata->errors))!="") {
     echo "Error: <br>";
     foreach ($userdata->errors as $i)
          echo $userdata->errors[$i]."<br>";
} else {
     $userdata->save();
     echo "success";
}


?>
It is called in GET from another script:

PHP Code:
$result implode(""file($url_root."forum/gunroxinterface.php?action=createaccount".
                    "&login=naohsons&password=naohsons&email=naohsons%40mailinator.com&day=1&month=1&year=1980"));
     echo $result
The result of script
is Error: <br><br>

It is strange - $userdata->errors has empty item.

Please give me advice.

Thanks in advance!

TheLastSuperman 05-14-2010 01:28 PM
Well quit looking and help him Nex :p

vbenhancer 05-14-2010 01:30 PM
hey, don't ask me, Michael, i'm not into exploits ... rofl

actually, you can and will never be able to create a user by passing information via a url called by echo... this is what we call an exploit or xss insert, which is really not something you can do inside vBulletin because of all the data verifications process.

you must show us what you need instead, so we can bring a solution.


All times are GMT. The time now is 04:44 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01901 seconds
  • Memory Usage 1,714KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete