vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB5 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=262)
-   -   BB IMG code exploit allows php - need advice (https://vborg.vbsupport.ru/showthread.php?t=304976)

webtracker 11-24-2013 02:41 PM
BB IMG code exploit allows php - need advice
 
A user on my forum turned me on to a BB code exploit. I'm using 4.2.2

A php script could be used to deliver a popup window simply by placing a link to it in the [ IMG ] tags. Upon opening the post or private message, the code is executed and the "victim" gets the popup prompt and displays their IP address (login credentials if the enter them).

I tried the censor feature and blocked most of the common programming extensions but it's creating other issues. Does anyone have another idea that might work? Thanks.

Here's an example (check the bb code):

https://vborg.vbsupport.ru/external/2013/11/16.png

BirdOPrey5 11-24-2013 05:53 PM
I don't think this has anything to do with the .php extension.

If you image-link to an image (or any file) that is behind an .htaccess password protected directory the web browser automatically pops up the log-in box asking for credentials before it can download the image.

There is no php code executed.

It's not an exploit of any type, it is simply how all web browsers behave when faced with accessing a password protected directory.

Which by the way, you should never put your username/password into such a box unless you know what site has created said box and are legitimately trying to log in- the admin of the remote site can be recording the usernames/passwords being tried in the form.

This would happen on all versions of vBulletin, and indeed *any* forum software that allows [IMG] bbcode.


All times are GMT. The time now is 02:47 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03816 seconds
  • Memory Usage 1,707KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (2)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete