The Arcive of Official vBulletin Modifications Site.

jadkar · #1 04-02-2006, 01:36 PM

Hello, I'm sure this is not a big deal and I'm hoping someone can let me know how to do this real quick because it's becoming a disaster.

I run a site with primarily kids on it. Someone discovered a flaw in vBulletin and have exploited it. Now 20-30 of these users are out of control and making a mess of the reputation system. I have disabled it for now, but I need to prevent them from doing this. Here's what's going on.......

They figured out when leaving "rep" for someone they can use the [IMG] tag in the comment. When they do they link to a photo that's super huge, like 8000x8000. Once this is done the poor user who received the "rep" can never load his "user CP", or it loads but takes forever. Each time this happens the only way for me to get rid of it is to actually go to the SQL database and do a search for the entry and delete it!!! There's no other way within the UserCP besides deleting all his/her "rep".

So yes, this is a mess. What I'm looking for is a way to just remove the ability of using the [IMG] tag when posting reputation.

Please help

Nathan2006 · #2 04-10-2006, 08:33 PM

Yes I would also like to know how to stop this.

I have in the past seen this and large pics ending up in members rep in the usercp

Is there anyway of stopping the [img] tags?

Dsyn11 · #3 04-11-2006, 12:08 PM

this is a fairly serious flaw and should be reported to vB bug tracker. If my members figure this out, I'll have to suspend the rep system as well.

Borgs8472 · #4 04-11-2006, 12:16 PM

I fixed this bug on my old forum, but I'm no longer a member there now and don't quite remember how I fixed it. If you ask at www.wordforge.net they should tell you.

Nathan2006 · #5 04-13-2006, 03:40 AM

I asked over at vb.com and Jake said: to ask over here

Quote:

Originally Posted by Jake Bunce

I believe it shares this setting:

Admin CP -> vBulletin Options -> User Profile Options -> Allow [IMG] Code in Signatures

And I checked it and it does cut off the images but is there anyone that can help to just disable the [img] tags in the rep comments?

Thanks for any help

jadkar · #6 04-16-2006, 12:21 AM

Nobody else

On this entire site of people developing all sorts of stuff nobody has any idea??

shockx5 · #7 06-15-2006, 10:33 PM

I'm gonna have to bump this because my members on my site are exploiting this little flaw by posting grotesque porn (not pretty) and dead bodies and stuff.

Pretty serious...so any help is appreciated, and I only want [IMG] disabled for Reps.

peterska2 · #8 06-15-2006, 10:55 PM

I can get all BB code disabled for reps, I'm just checking if it affects things like smilies now.

peterska2 · #9 06-15-2006, 11:18 PM

Here we go, enjoy

https://vborg.vbsupport.ru/showthread.php?t=118715

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.07521 seconds Memory Usage 2,240KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (9)post_thanks_box (9)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (9)post_thanks_postbit_info (9)postbit (9)postbit_onlinestatus (9)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!