vbulletin 3.8.6 cookie security hole
 

Hi.
Html code in my web site has been closed.
but,

one

write on my site.
smile and exit,

if I enter the http://46.20.2.51/%7Esecurity/vbulletin/smile.php

See the picture

this one is open,
how to shut down

https://vborg.vbsupport.ru/external/2012/01/55.jpg

--------------- Added [DATE]1325966151[/DATE] at [TIME]1325966151[/TIME] ---------------

look
wrote the code,
vbulletin.com have the security error.

I don't understand what the problem is. It could be because I can't read whatever language that is in the picture.

That is like an htaccess protection popup. Someone has protection on the directory where the site or image is located.

Sorry,
My english very bad,

Now,
Please [IMG]http://46.20.2.51/%7Esecurity/vbulletin/smile.php[/IMG ] write your web site . [/IMG ] delete the space

So are you saying that it's a security hole because that popup might trick people into entering their vbulletin password?

No...

1: https://vborg.vbsupport.ru/external/2012/01/7.gif My message

2:

This not a pic. It is a .php files,


https://vborg.vbsupport.ru/external/2012/01/54.jpg

Sorry, I still don't get it. It just seems like you've linked to a file that's password-protected by your web server. If there's something else going on, I don't understand.

It could be that I just don't understand enough about security holes to know what you're saying, but maybe someone else will.

I think all they are saying is someone linked to a php file using an IMG tag.

Ive removed the links from this thread as the pop-up was annoying.

And since there was no way to read the source code, no real way to tell what all was in the file.

OK, but how is that a security hole (and what does it have to do with cookies)? Maybe if they are saying that someone was able to upload a php file as an image, then run it by putting it in an IMG tag? (No, that doesn't make sense, you could run it without the img tag).