  #1  
Old 10-16-2003, 11:27 PM
Xride Xride is offline
 
Join Date: Oct 2003
Posts: 20
HTML exploits on Vb 2.2.8

Before I upgraded my forum, I was running 2.2.8 and someone said that because I had the HTML ON they could somehow grab my cookies that store passwords, and then use that to access any account that has logged on since this HTML was "running".

First, is this true?

Second, I know this is unlikely, but for my own amusement I am dying of curiosity about how this works. I would like to try this out while the old forum still has a place to sit.
So can someone tell me how? Or a link even?

Thanks
  #2  
Old 10-16-2003, 11:41 PM
NTLDR NTLDR is offline
Coder
 
Join Date: Apr 2002
Location: Bristol, UK
Posts: 3,644

Any version of vB that has HTML for posts/signatures/pm's etc enabled is open to be exploited.
  #3  
Old 10-17-2003, 12:46 AM
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604

2.2.8 or any version before 2.2.9 has security holes besides HTML vulnerabilities.

If HTML is enabled, vB in ANY version is vulnerable.
  #4  
Old 10-17-2003, 01:34 AM
Xride Xride is offline
 
Join Date: Oct 2003
Posts: 20

How is it vulnerable though? I don't see how HTML would do anything? It's not like you can install scripts or anything???
  #5  
Old 10-17-2003, 02:45 AM
Dras Dras is offline
 
Join Date: Dec 2002
Posts: 50

But you can get HTML coding to run scripts from different sites, and to do a bunch of stuff. All sites need HTML to run anything so just keep that in mind.
  #6  
Old 10-17-2003, 02:51 AM
EvilLS1 EvilLS1 is offline
 
Join Date: Apr 2002
Location: Georgia, USA
Posts: 987

Quote:
Originally Posted by Xride
How is it vulnerable though? I don't see how HTML would do anything? It's not like you can install scripts or anything???
It's possible to steal someone's cookie info by executing a simple JavaScript in the victim's browser.
  #7  
Old 10-17-2003, 04:18 AM
Steve Machol Steve Machol is offline
 
Join Date: Nov 2001
Posts: 1,896

We are not stupid enough to publish exactly how these exploits can be used. That would be foolish and irresponsible.
  #8  
Old 10-17-2003, 09:31 AM
Logician Logician is offline
 
Join Date: Nov 2001
Location: inside vb code
Posts: 4,449

Quote:
Originally Posted by Steve Machol
We are not stupid enough to publish exactly how these exploits can be used. That would be foolish and irresponsible.
Agreed 100%

On the other hand, it would be as wise if you restricted the vB bugs forum to customers only, but unfortunately I can't seem to convince vb.com on this; already it is as dangerous.

I'm pretty sensitive on this subject, so couldn't help myself, sorry! lol..
  #9  
Old 10-17-2003, 01:16 PM
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604

Please don't post ways to steal cookie information here. Even if you know how to. Let's not teach script kiddies ways to hack vB.
  #10  
Old 10-18-2003, 06:03 AM
Xride Xride is offline
 
Join Date: Oct 2003
Posts: 20

Fair enough, didn't think anyone would show how it's done.
But knowing that all versions are vulnerable as long as HTML is enabled is good to know, as now I will ALWAYS turn off HTML.

Still don't really understand how you can steal the cookies from a remote script running local to the forum :ermm: Ah well, I'll learn more soon, and maybe understand why it works?...
Reply With Quote
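
What the "HTML enabled" setting discussed in this thread changes, as an added example that is not part of any post above and is not vBulletin's code: with HTML on, markup in a post reaches every reader's browser as part of the forum's own pages; with it off, the same text is escaped and shown literally. The function names, the cookie name and the sample post are constructed for illustration.

```javascript
// Added example; not vBulletin code. Function names are hypothetical.

// Encode the five characters that let text break out into markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Models a forum's "HTML On/Off" switch for post bodies.
function renderPost(body, options) {
  if (options && options.allowHtml) {
    return body; // "HTML On": the author's markup reaches every reader verbatim
  }
  return escapeHtml(body); // "HTML Off": markup is displayed as literal text
}

// Demo-only check (not a sanitizer): does the rendered output still contain
// a script element or an inline event-handler attribute?
function hasActiveMarkup(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Session cookie flagged HttpOnly, so page script cannot read it through
// document.cookie even if active markup does get through.
function sessionCookieHeader(name, value) {
  return `Set-Cookie: ${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample post; the script body and handler are inert placeholders.
const samplePost =
  'Nice thread <script>/* placeholder */</script> <b onmouseover="/* placeholder */">hi</b>';

const withHtmlOn = renderPost(samplePost, { allowHtml: true });
const withHtmlOff = renderPost(samplePost, { allowHtml: false });

console.log('HTML On,  active markup present:', hasActiveMarkup(withHtmlOn));
console.log('HTML Off, active markup present:', hasActiveMarkup(withHtmlOff));
console.log(withHtmlOff);
// Cookie name and value are constructed.
console.log(sessionCookieHeader('forum_session', 'constructed-value'));
```

Escaping on output is the baseline; the HttpOnly flag is a second layer that limits what a script can reach if markup slips through some other field.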