The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Style / Template / Replacement Hack For Moderators Details »» | |||||||||||||||||||||||||||
Style / Template / Replacement Hack For Moderators
Developer Last Online: Jun 2006
Alright, I've finally finished working on this darn thing and ready for a beta release!
This hack impliments the Style, Template, and Replacement hack into one hack since it was the best way to work on it and easy to setup. Please read the readme file before you install it. For the style part, view this thread for screenshots For the template part, view this thread for screenshots For the replacement part, view this thread for screenshots Also remember: It's a beta. There will probably be bugs I haven't found. -------------------------- SECURITY FIX IF YOU USE XENON'S "MODS CAN EDIT USERS" (https://vborg.vbsupport.ru/showthrea...threadid=42096) Security fix by me, thanks to Xenon for pointing out where to edit the code -------------------------- 1. Open user.php in your forums/mod/ folder 2. Find the following: -------------------------- Code:
if($canedit[profilefields]) { maketableheader("Custom Profile Fields"); $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid"); $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield"); while ($profilefield=$DB_site->fetch_array($profilefields)) { $varname="field$profilefield[profilefieldid]"; makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]); } } Replace it with: --------------------------- Code:
if($canedit[profilefields]) { maketableheader("Custom Profile Fields"); $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid"); $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield"); while ($profilefield=$DB_site->fetch_array($profilefields)) { $varname="field$profilefield[profilefieldid]"; if ($varname != "field999") if ($varname != "field998") if ($varname != "field997") makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]); } } Find: --------------------------- Code:
if($canedit[profilefields]) { $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield"); while ($profilefield=$DB_site->fetch_array($profilefields)) { $varname="field$profilefield[profilefieldid]"; $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'"; } $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid"); } Replace it with: Code:
if($canedit[profilefields]) { $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield"); while ($profilefield=$DB_site->fetch_array($profilefields)) { $varname="field$profilefield[profilefieldid]"; if ($varname != "field999") if ($varname != "field998") if ($varname != "field997") $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'"; } $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid"); } That's it, your forums are now secure from moderators breaking your security! ----------------------------- Now...onto the download... Oh, and if you use it, please click install! Show Your Support
|
Comments |
#22
|
||||
|
||||
Quote:
Quote:
|
#23
|
|||
|
|||
Quote:
|
#24
|
||||
|
||||
Hey everyone,
I've been freakin busy so I haven't had time to finish the patch. I hope to have it out this week but I have SO much to do it's insane. |
#25
|
|||
|
|||
DISCLAIMER
This is a personal disclaimer to everyone that intends or has installed this hack... I would advise you to remove this hack from your forum until all security fixes have been made... I personally don't test many hacks out... but this was as just extremely provoking in this case... again this is a disclaimer... if you don't trust your mods enough to be Administrators then don't use this hack... I tested it and it can be maliciously used to de admin all administrators or even drop your entire forum database... again this is not advice... this is a warning... I will attempt to work on a fix for the security holes shortly... until then i would advise not using this hack... g-force2k2 |
#26
|
||||
|
||||
How the heck could my hack do that? :-/ Seems I missed something...
|
#27
|
|||
|
|||
Quote:
g-force2k2 |
#28
|
||||
|
||||
Please, that would be very helpful
|
#29
|
|||
|
|||
g-force...I'm looking over the code...I can't find any place that would allow you to do this. All I can think of is that it is a vB sewcurity issue...not one exclusive to this hack.
|
#30
|
|||
|
|||
Don't get me wrong SZ|TalonKarrde i never stated that his code was in any way shape or form wrong... but allowing for the template edit of a template set is a major security issue... for main reason concerning the phpinclude template and also for minor security issues using variabes to extract information about a user... (using postbit template) there's a lot to remember whne creating a hack like this... the major security issue is the phpinclude template... just add a simply query...
DROP TABLE user will destroy your user table... any user can enter an... UPDATE user SET usergroupid=6 WHERE userid=$bbuserinfo[userid] and that will update all users browsing to admins status... as for the postbit tempate you can get information not necessarily wanted... including hidden profilefields as well as ips and more... again... that is just what i see... nothing against blackice's hard work... regards... and hope that you see my points as valid and important as a major security issue... g-force2k2 |
#31
|
|||
|
|||
Hmm, I was looking in the code for security issues, so of course I missed that. Any idea on a way myself and Brad can fix this?
|
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|