Safe or not ??
by fookaa
Developer Last Online: Jan 2019

Version: Unknown
Released: 09-02-2014 Last Update: Never Installs: 0
 
No support by the author.

Hi,

I was searching around for games for my arcade and stumbled upon a post suggesting this mod is subject to an SQLi error and that it is one of the most exploited SQLis ever oO!!!

So is this true? If so, is there an exploit fix?

The post saying this was posted on 05-18-2013 and the last update for this mod was on 27 Feb 2012, so I'm a bit worried now....


  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
#2
09-02-2014, 06:01 PM
Dave
Join Date: May 2010
Posts: 2,583
Has thanked: 0 times
Been thanked: 0 times in 0 posts

I checked the source quickly (mainly the queries), but it seems safe.

addslashes is used at some places which is not safe if you use a certain character encoding, but I doubt anyone would ever use any of these character encodings for a vBulletin forum.
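Dave's remark about addslashes() being unsafe under certain character encodings is the classic multibyte escape bypass: addslashes() inserts a backslash byte by byte without knowing the connection charset, so under a multibyte charset such as GBK a lead byte can absorb the inserted backslash and the quote that follows it is live again. The Python below is an added illustration written for this page, not code from the thread, from ibProArcade or from vBulletin; the byte-wise addslashes() model, the query template, the "user" table and the payload bytes are all constructed for the demonstration.

```python
import sqlite3


def addslashes(data: bytes) -> bytes:
    """Byte-wise model of PHP's addslashes(): a backslash is inserted before
    ' " \\ and NUL.  It never consults the connection charset; that is the bug."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):  # ' " \ NUL
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def build_query(username: bytes) -> bytes:
    """Constructed query template: value spliced into SQL after addslashes()."""
    return b"SELECT * FROM user WHERE username = '" + addslashes(username) + b"'"


def sql_after_literal(sql: str) -> str:
    """Return whatever follows the first single-quoted literal, honouring
    backslash escapes the way MySQL does.  An empty result means the literal
    never closed early, i.e. the user input stayed inside the string."""
    i = sql.find("'")
    if i < 0:
        return ""
    i += 1
    while i < len(sql):
        if sql[i] == "\\":
            i += 2  # escaped character: skip it
            continue
        if sql[i] == "'":
            return sql[i + 1:]
        i += 1
    return ""


def injects(username: bytes, charset: str) -> bool:
    """Decode the escaped query the way a server using `charset` would and
    report whether the attacker's quote terminates the string literal."""
    decoded = build_query(username).decode(charset, errors="replace")
    return sql_after_literal(decoded).strip() != ""


# Constructed payload: 0xBF is a valid GBK lead byte, 0x27 is the quote.
# addslashes() turns BF 27 into BF 5C 27; a GBK decoder reads BF 5C as one
# character and the trailing 27 is a bare quote again.
PAYLOAD = b"\xbf\x27 OR 1=1 -- "


def safe_lookup(username: str) -> int:
    """Hardened form: the value is bound as a parameter, never spliced into the
    SQL text, so no escaping/charset interplay exists.  (On vBulletin 3.x the
    usual substitute is $db->escape_string(), which is only charset-aware when
    the client library itself knows the connection charset.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT)")
    conn.execute("INSERT INTO user VALUES ('alice')")
    rows = conn.execute(
        "SELECT * FROM user WHERE username = ?", (username,)
    ).fetchall()
    conn.close()
    return len(rows)


if __name__ == "__main__":
    for cs in ("utf-8", "gbk"):
        print(f"{cs:>6}: injectable = {injects(PAYLOAD, cs)}")
    # latin-1 maps every byte, so the raw payload can be bound as a string
    print("parameterised rows:", safe_lookup(PAYLOAD.decode("latin-1")))
```

Under utf-8 the 0xBF byte is just an invalid byte and the `\'` stays escaped, so the literal swallows the whole payload; under gbk the same bytes decode to a single CJK character followed by a bare `'`, and ` OR 1=1 -- ` lands outside the string. This is why "we only use addslashes" is only as safe as the connection charset the forum runs with, which is the caveat Dave is making.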
#3
09-02-2014, 06:43 PM
fookaa
Join Date: Dec 2009
Posts: 85
Has thanked: 0 times
Been thanked: 0 times in 0 posts

I just sent you a pm of the warning post I found...
#4
09-02-2014, 07:12 PM
tbworld
Join Date: Oct 2008
Posts: 2,126
Has thanked: 0 times
Been thanked: 0 times in 0 posts

Quote:
Originally Posted by fookaa
I just sent you a pm of the warning post I found...
Please send me a copy of the post or the URL, I would appreciate it.
#5
09-02-2014, 07:18 PM
fookaa
Join Date: Dec 2009
Posts: 85
Has thanked: 0 times
Been thanked: 0 times in 0 posts

Quote:
Originally Posted by tbworld
Please send me a copy of the post or the URL, I would appreciate it.
Sent..

--------------- Added 02 Sep 2014 at 20:33 GMT ---------------

So what's the verdict?

--------------- Added 02 Sep 2014 at 20:55 GMT ---------------

I'm trying to reply to your PM but this site keeps timing out?
#6
09-02-2014, 08:34 PM
tbworld
Join Date: Oct 2008
Posts: 2,126
Has thanked: 0 times
Been thanked: 0 times in 0 posts

Quote:
Originally Posted by fookaa
Sent..

--------------- Added 02 Sep 2014 at 13:33 ---------------

So what's the verdict?

Taking a quick look at version 2.7.2+, this should not be an issue, as they are now parsing the query string for SQL commands among other things. You should be using a PHP version of 3.5 or greater as a minimum.

I will do some tests on it later this evening.
2 thanks from:
blind-eddie, fookaa
#7
09-05-2014, 09:31 PM
stangger5
Join Date: Jan 2005
Location: Online
Posts: 1,130
Has thanked: 0 times
Been thanked: 0 times in 0 posts

What do you think about letting vBulletin Input Clean handle it ??
#8
09-06-2014, 10:53 AM
fookaa
Join Date: Dec 2009
Posts: 85
Has thanked: 0 times
Been thanked: 0 times in 0 posts

Any news on this ?
#9
09-06-2014, 10:58 AM
Dave
Join Date: May 2010
Posts: 2,583
Has thanked: 0 times
Been thanked: 0 times in 0 posts

It's safe.
#10
09-06-2014, 01:12 PM
RichieBoy67
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Has thanked: 0 times
Been thanked: 0 times in 0 posts

Definitely safe.
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.