Go Back   vb.org Archive > Community Central > Community Lounge
Reload this Page Close Your vba Gallery for the Security Reson read....
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 06-13-2005, 11:23 AM
Niceboy Niceboy is offline
 
Join Date: Apr 2005
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Close Your vba Gallery for the Security Reson read....
Hi there

I was Today at H2kmatrix.com and i see there is Some thread called vba gallery and i right away go check it was some bug in vba gally that let everyone edit /delete /active the image etc.. and it work Everyone who use vBa gallery just close it for Security reson

You can Read here
[link removed]
  #2  
Old 06-13-2005, 11:33 AM
Zero Tolerance's Avatar
Zero Tolerance Zero Tolerance is offline
 
Join Date: Feb 2004
Location: England
Posts: 813
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Sounds like some missing/incorrect logic to check permissions, i'm sure Tigga will get it sorted straight away.

- Zero Tolerance
  #3  
Old 06-13-2005, 11:37 AM
amykhar's Avatar
amykhar amykhar is offline
 
Join Date: Oct 2001
Location: PA
Posts: 4,438
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It might be better to post this in the hack's thread.
  #4  
Old 06-13-2005, 11:45 AM
Niceboy Niceboy is offline
 
Join Date: Apr 2005
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by amykhar
It might be better to post this in the hack's thread.
but this is not hack just security info :nervous:
  #5  
Old 06-13-2005, 12:03 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yes but all questions/remarks/warnings should go into the support thread/forum for that hack. The author might not read all posts on vb.org.
  #6  
Old 06-13-2005, 12:08 PM
sabret00the's Avatar
sabret00the sabret00the is offline
 
Join Date: Jan 2003
Location: London
Posts: 5,268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
not really a true exploit as it doesn't cause any problems really, but at the same time it's easily enough fixed with a quick conditional
  #7  
Old 06-13-2005, 12:48 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
While we appreciate you informing of our members of potential vulnrabilities in software they may be using, it's not wise to post a direct link to how to exploit it. I've removed your link. Please contact the modification author with the information
  #8  
Old 06-13-2005, 02:48 PM
KW802's Avatar
KW802 KW802 is offline
 
Join Date: Jul 2003
Location: A galaxy far, far away...
Posts: 1,450
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
A quick patch can be found here: http://www.vbadvanced.com/forum/showthread.php?t=8661 (post #8)
  #9  
Old 06-13-2005, 04:11 PM
Tigga's Avatar
Tigga Tigga is offline
 
Join Date: Dec 2001
Location: Atlanta
Posts: 1,061
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Shut down your galleries huh? That's a little extreme. Yes, there is a bug with vBa Gallery, but it's not as severe as that post makes it out to be. You cannot validate/delete images that are waiting approval unless you are a moderator/admin, but there is a bug where that is possible with posts that are awaiting moderation. That's obviously still not a good thing and we will be releasing an update shortly to correct the problem (or, as Kevin said, there is a fix posted), but the problem is still not as severe as those posts indicate.
  #10  
Old 06-13-2005, 05:33 PM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I am going to close this one, I think this has gone about as far as it needs to.
Closed Thread

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 06:15 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04127 seconds
  • Memory Usage 2,237KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete