vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Administrative and Maintenance Tools - vt.Lai VBB Anti CSRF 1.2 - Anti CSRF Attack To AdminCP vBulletin (https://vborg.vbsupport.ru/showthread.php?t=292886)

VuThanhLai 12-10-2012 11:00 PM
vt.Lai VBB Anti CSRF 1.2 - Anti CSRF Attack To AdminCP vBulletin
 
1 Attachment(s)
How to attack:

http://www.youtube.com/watch?v=0W8KW...layer_embedded

How to Fix ?

+ First solution:
Rename admincp dir. This is simple solution. However, when used in this way, will be some mod is not working or error.
In another case, if you have sub forum Admin, when you change the AdminCP dir, you must inform them of this. => They still know where is admincp folder.

+ Second solution:
Use this add on :)

https://vborg.vbsupport.ru/external/2012/12/22.png

Options:
https://vborg.vbsupport.ru/external/2012/12/23.png


Applies to all vbulletin versions

Change log:
v1.2: Fix some issue if admincp folder name has special char
v1.1: Fix loop error + Add some options

Source:
vt.Lai VBB Anti CSRF 1.0
vt.Lai VBB Anti CSRF 1.1
vt.Lai VBB Anti CSRF 1.2

ramesh_umk3 12-11-2012 03:50 PM
I don't take chance so installed thanks for predicting this loop whole mate :)


All times are GMT. The time now is 07:33 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01569 seconds
  • Memory Usage 1,711KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (2)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete