Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page I'm thinking of a hack..
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 07-26-2002, 04:05 AM
Velocd's Avatar
Velocd Velocd is offline
 
Join Date: Mar 2002
Location: CA University
Posts: 1,696
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default I'm thinking of a hack..
..that I need your opinion on, and what vulnerabilities it could possibly cause for the forum.

This hack will create a new large profile field similar to the signature field in the user-profile page. There a user will allow to enter all the web authoring code they want (assume there is no block of which languages they could use), and then this code is stored in the user table as a new column of data, called "custompage".

I create a new template, inside the template I place $headinclude, $header, and $footer. Between the $header and $footer I place this variable: $custompage

$custompage referes to all the data that the user inputted into their field.

Initially, by a link in each users profile, which will look something like: http://www.mysite.com/forums/member.php?s=$session[sessionhash]&action=getcustompage&userid=$userinfo[userid], the member will be sent to a new page that contains all the content they entered in their custompage field. Ofcourse this content will be translated into weblanguage code, and thus displaying that users custom page!

Sounds cool, right? Well now I know the uses of HTML on the forum are bad enough for vulnerabilities, so what serious problems would occur allowing this?

What comes to my mind ofcourse is malicious users making PHP queries in the field and corrupting my database! Totally possible from my point of view. Other things include calling variables from the global.php, since it is being referenced in members.php, and also calling other variables from members.php.

So..to prevent these things, disabling (ofcourse) PHP and other non-HTMl/Javascript languages would probably be a very high priority. As for HTML and javacript itself though, what problems can occur?

Any help on this would be great!

Regards,
Velocd
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 01:53 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05663 seconds
  • Memory Usage 2,953KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (23)post_thanks_box
  • (23)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (23)post_thanks_postbit_info
  • (23)postbit
  • (1)postbit_attachment
  • (23)postbit_onlinestatus
  • (23)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete