vb.org Archive - View Single Post

Velocd · #1 07-26-2002, 04:05 AM

..that I need your opinion on, and what vulnerabilities it could possibly cause for the forum.

This hack will create a new large profile field similar to the signature field in the user-profile page. There a user will allow to enter all the web authoring code they want (assume there is no block of which languages they could use), and then this code is stored in the user table as a new column of data, called "custompage".

I create a new template, inside the template I place $headinclude, $header, and $footer. Between the $header and $footer I place this variable: $custompage

$custompage referes to all the data that the user inputted into their field.

Initially, by a link in each users profile, which will look something like: http://www.mysite.com/forums/member.php?s=$session[sessionhash]&action=getcustompage&userid=$userinfo[userid], the member will be sent to a new page that contains all the content they entered in their custompage field. Ofcourse this content will be translated into weblanguage code, and thus displaying that users custom page!

Sounds cool, right? Well now I know the uses of HTML on the forum are bad enough for vulnerabilities, so what serious problems would occur allowing this?

What comes to my mind ofcourse is malicious users making PHP queries in the field and corrupting my database! Totally possible from my point of view. Other things include calling variables from the global.php, since it is being referenced in members.php, and also calling other variables from members.php.

So..to prevent these things, disabling (ofcourse) PHP and other non-HTMl/Javascript languages would probably be a very high priority. As for HTML and javacript itself though, what problems can occur?

Any help on this would be great!

Regards,
Velocd

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01255 seconds Memory Usage 1,766KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: