Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.5 > vBulletin 3.5 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
[AJAX] vBShout v2.0 Details »»
[AJAX] vBShout v2.0
Version: 2.0, by Zero Tolerance Zero Tolerance is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Version: 3.5.0 RC2 Rating:
Released: 07-27-2005 Last Update: 04-22-2006 Installs: 1831
Uses Plugins Template Edits
Additional Files  
No support by the author.

[high]Staff Edit/Update[/high]

I have released an updated version of this hack (version 2.0.1), this version fixes some security issues with this hack. All version prior to this one allow users to insert html in their shouts, this can cause problems with them using html that breaks the site layout or malicious javascript. Download the new zip file (vBshout_fixed.zip) and upload the new vbshout.php file to patch/upgrade. If you want to manual instructions they are in the zip file, in the file bugfixes.txt

Second Staff update

I've uploaded a new version of this hack, dubbed '2.0.2'. This one should fix the html injection issues without breaking special characters. To upgrade, download the new zip file and upload the new vbshout.php file.

Please note that this only fixes the html injection issues. I do not use this hack on my own forum (although I've tested this on a client's board) so I will not be fixing the server load issues. I suggest you do not install this hack if you can't deal with the extra server load, as it's rather intensive.

- Brad

[high]End staff edit[/high]

Well, been a while since I've been to vb.org and released anything, thought i'd break the trend and whip up something quick while I have a little spare time.

A shoutbox as you would assume, a very simple one to start off with, but does include AJAX Technology, which pushes the shoutbox 1 step closer to live, messages from other people will appear with no refreshing, and so will yours that you post

A preview is below, i'd estimate a 50 second installation max

Primary Features:
- AJAX Technology (no refreshing)
- Administration control an display element options
- Fast format editor

Change Log::

- v1.1:
WOL (Who's Online) Correction

- v1.2:
New Posting Featurs (Bold/Italic/Underline/Colour/Font)
Admin Controls

- Change location/position of shoutbox
- Change number of shouts displayed
- Switch vbcode/similes on/off
- v1.3
Firefox javascript issue fixed
New Admin Controls

- Command Activation
- Swtch extra format options on/off
- Change position of editor (above/below messages)
New Commands

- /prune (Clears the shoutbox completely)
- /prune [username] (Clears all shouts posted by specified user)
- v1.4
Usergroup HTML Markup For Usernames
Clear Editor Button
Emoticons Pop Up Menu
Time display configurated to vBulletin settings
Username Links To Profile
New Admin Conrols

New vBShout Position (Directly Above Forums)
Banned Users
Banned Usergroups
Banned Permissions
Smilie Pop-Up Box Height
Smilie Pop-Up Box Width
New Commands

"/me" - Action message (all users are able to use this command)
/pruneshout [shout] - Deletes a single shout
- v1.5
Improved Smilies Display
XHTML 1.0 Transitional Valid (couple of errors fixed)
New Admin Options

Shoutbox Height
Smilies To Show
Shout Messages Order
Banned Permissions (fixed)
- v1.6
Bug Fixes:

- Unable to delete shouts that used /me command fixed
- Shouts being displayed from bottom-upwards only showed first 20 shouts
Automatically parses URL's

- v2.0
New Archive

- Displays shouts and pages
- Stats and top 10 shouters
- AJAX Edit/Delete (staff can edit/delete all shouts)
Enjoy,

- Zero Tolerance

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2202  
Old 09-08-2006, 06:13 PM
Guest190829
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by syrus.xl
The code I would have thought was some type of re-write code, because it looked like I had placed a passworded directory on my entire site. There was an image, with a red x but nothing showed up, but no text was showing - just the username. I won't post the whole contents on here, because its a public board, but I did a search on Google and it showed up in a number of places.

This is the second attempt within a few days, but the other person tried posting re-direct HTML in in a thread, luckily it failed.

I used to have FlashChat installed, but that now just leaves your site open to attack. Going to see if I can tighten my coding to prevent this happening again.
Please report all Security Vunerabilities to staff via the "Report This Modification" link under Mod Options. The staff will then evaluate your report and the modification, and proceed from there.

Please describe as best you can what happened and the code used...etc...etc..

Regards,
Danny
Reply With Quote
  #2203  
Old 09-08-2006, 11:34 PM
Silver740 Silver740 is offline
 
Join Date: Jan 2003
Posts: 37
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you add a " in my shoutbox, it shows up as " in the box. Any fix to this? I've updated it w/ the latest file available for download as of today.
Reply With Quote
  #2204  
Old 09-08-2006, 11:50 PM
da420 da420 is offline
 
Join Date: Nov 2005
Posts: 1,232
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Page 109 of this thread Brad released a .php file that works. Try that.
Reply With Quote
  #2205  
Old 09-09-2006, 08:09 AM
GoTTi GoTTi is offline
 
Join Date: Jun 2002
Posts: 1,346
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

im just gunna make my users use mirc.
Reply With Quote
  #2206  
Old 09-09-2006, 08:31 AM
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Posts: 4,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by GoTTi
im just gunna make my users use mirc.
Mirc.? :hurt:
Reply With Quote
  #2207  
Old 09-09-2006, 04:19 PM
GoTTi GoTTi is offline
 
Join Date: Jun 2002
Posts: 1,346
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

<a href="http://www.mirc.com" target="_blank">www.mirc.com</a>

i have a IRCD Server on my server so im good.

its just a chat client.
Reply With Quote
  #2208  
Old 09-09-2006, 04:55 PM
o0Hubba0o's Avatar
o0Hubba0o o0Hubba0o is offline
 
Join Date: Mar 2005
Location: Minnesota
Posts: 263
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by syrus.xl
My site was hacked through vbShout this evening. A new member joined and posted code numerous times, which caused a directory popup box to appear, asking for username and password.
that's the same thing that happened on mine, some users were able to get a word in here or there, but I had to ctrl/alt/del and shut down my browser through there.

I noticed that people who hadn't confirmed their emails could use the shoutbox (such as this freeze fellow), so I added that user group to the unable to use option. I also added freeze to the names not allowed on registration heh, because after I banned him he re-registered and had a completley different ip but still used freeze in his name.


I don't know what he typed in the shoutbox because I pruned it as soon as i could, the last thing I seen him say was daaaaaaaannnngeeeeeeerrrrrrrrrr
Reply With Quote
  #2209  
Old 09-09-2006, 05:59 PM
nix's Avatar
nix nix is offline
 
Join Date: Mar 2005
Posts: 975
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by syrus.xl
My site was hacked through vbShout this evening. A new member joined and posted code numerous times, which caused a directory popup box to appear, asking for username and password.

I managed to squeeze in a /prune to override it, and ban the user. I've now closed my site off to new registrations.

Another mod I need to uninstall...shame I liked this as well.
What version was it? 2.1?
Reply With Quote
  #2210  
Old 09-09-2006, 08:20 PM
thunder_sti thunder_sti is offline
 
Join Date: Sep 2006
Posts: 161
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Does this works for vb 3.5.5???

And what is a shout box???

Once installed can it be disabled etc..

Thanks,,, sorry, but my conection is limited, if not I would of done my homework,,,(search)

Thanks
Reply With Quote
  #2211  
Old 09-09-2006, 08:23 PM
da420 da420 is offline
 
Join Date: Nov 2005
Posts: 1,232
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by thunder_sti
Does this works for vb 3.5.5???

And what is a shout box???

Once installed can it be disabled etc..

Thanks,,, sorry, but my conection is limited, if not I would of done my homework,,,(search)

Thanks
Yes.

It's like a chat box at the forum home page at the top or bottom of the page.

Yes, in your product manager it can be easily disabled.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:49 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.12196 seconds
  • Memory Usage 2,319KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (6)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete