vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   Close Your vba Gallery for the Security Reson read.... (https://vborg.vbsupport.ru/showthread.php?t=83004)

Niceboy 06-13-2005 11:23 AM
Close Your vba Gallery for the Security Reson read....
 
Hi there

I was Today at H2kmatrix.com and i see there is Some thread called vba gallery and i right away go check it was some bug in vba gally that let everyone edit /delete /active the image etc.. and it work Everyone who use vBa gallery just close it for Security reson

You can Read here
[link removed]

Zero Tolerance 06-13-2005 11:33 AM
Sounds like some missing/incorrect logic to check permissions, i'm sure Tigga will get it sorted straight away.

- Zero Tolerance

amykhar 06-13-2005 11:37 AM
It might be better to post this in the hack's thread.

Niceboy 06-13-2005 11:45 AM
Quote:
Originally Posted by amykhar
It might be better to post this in the hack's thread.
but this is not hack just security info :nervous:

Marco van Herwaarden 06-13-2005 12:03 PM
Yes but all questions/remarks/warnings should go into the support thread/forum for that hack. The author might not read all posts on vb.org.

sabret00the 06-13-2005 12:08 PM
not really a true exploit as it doesn't cause any problems really, but at the same time it's easily enough fixed with a quick conditional :)

Dean C 06-13-2005 12:48 PM
While we appreciate you informing of our members of potential vulnrabilities in software they may be using, it's not wise to post a direct link to how to exploit it. I've removed your link. Please contact the modification author with the information :)

KW802 06-13-2005 02:48 PM
A quick patch can be found here: http://www.vbadvanced.com/forum/showthread.php?t=8661 (post #8)

Tigga 06-13-2005 04:11 PM
Shut down your galleries huh? That's a little extreme. Yes, there is a bug with vBa Gallery, but it's not as severe as that post makes it out to be. You cannot validate/delete images that are waiting approval unless you are a moderator/admin, but there is a bug where that is possible with posts that are awaiting moderation. That's obviously still not a good thing and we will be releasing an update shortly to correct the problem (or, as Kevin said, there is a fix posted), but the problem is still not as severe as those posts indicate.

Brad 06-13-2005 05:33 PM
I am going to close this one, I think this has gone about as far as it needs to.


All times are GMT. The time now is 01:00 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01198 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete