The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
vbulletin 3.8.6 cookie security hole
Hi.
Html code in my web site has been closed. but, one write on my site. smile and exit, if I enter the http://46.20.2.51/%7Esecurity/vbulletin/smile.php See the picture this one is open, how to shut down --------------- Added [DATE]1325966151[/DATE] at [TIME]1325966151[/TIME] --------------- look wrote the code, vbulletin.com have the security error. |
#2
|
|||
|
|||
I don't understand what the problem is. It could be because I can't read whatever language that is in the picture.
|
#3
|
||||
|
||||
That is like an htaccess protection popup. Someone has protection on the directory where the site or image is located.
|
#4
|
|||
|
|||
Sorry,
My english very bad, Now, Please [IMG]http://46.20.2.51/%7Esecurity/vbulletin/smile.php[/IMG ] write your web site . [/IMG ] delete the space |
#5
|
|||
|
|||
So are you saying that it's a security hole because that popup might trick people into entering their vbulletin password?
|
#6
|
|||
|
|||
No...
1: My message 2: This not a pic. It is a .php files, |
#7
|
|||
|
|||
Sorry, I still don't get it. It just seems like you've linked to a file that's password-protected by your web server. If there's something else going on, I don't understand.
It could be that I just don't understand enough about security holes to know what you're saying, but maybe someone else will. |
#8
|
||||
|
||||
I think all they are saying is someone linked to a php file using an IMG tag.
Ive removed the links from this thread as the pop-up was annoying. |
#9
|
||||
|
||||
And since there was no way to read the source code, no real way to tell what all was in the file.
|
#10
|
|||
|
|||
OK, but how is that a security hole (and what does it have to do with cookies)? Maybe if they are saying that someone was able to upload a php file as an image, then run it by putting it in an IMG tag? (No, that doesn't make sense, you could run it without the img tag).
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|