Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Beta Releases

Reply
 
Thread Tools
Style / Template / Replacement Hack For Moderators Details »»
Style / Template / Replacement Hack For Moderators
Version: 1.00, by blackice912 blackice912 is offline
Developer Last Online: Jun 2006 Show Printable Version Email this Page

Version: 2.2.x Rating:
Released: 09-20-2002 Last Update: Never Installs: 13
Is in Beta Stage  
No support by the author.

Alright, I've finally finished working on this darn thing and ready for a beta release!

This hack impliments the Style, Template, and Replacement hack into one hack since it was the best way to work on it and easy to setup.

Please read the readme file before you install it.

For the style part, view this thread for screenshots

For the template part, view this thread for screenshots

For the replacement part, view this thread for screenshots

Also remember: It's a beta. There will probably be bugs I haven't found.

--------------------------
SECURITY FIX IF YOU USE XENON'S "MODS CAN EDIT USERS"
(https://vborg.vbsupport.ru/showthrea...threadid=42096)
Security fix by me, thanks to Xenon for pointing out where to edit the code
--------------------------
1. Open user.php in your forums/mod/ folder

2. Find the following:
--------------------------
Code:
  if($canedit[profilefields]) {
    maketableheader("Custom Profile Fields");
    $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid");

    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
    while ($profilefield=$DB_site->fetch_array($profilefields)) {
      $varname="field$profilefield[profilefieldid]";
      makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]);
    }
  }
---------------------------

Replace it with:
---------------------------
Code:
 if($canedit[profilefields]) { 
   maketableheader("Custom Profile Fields"); 
   $userfield=$DB_site->query_first("SELECT * FROM userfield WHERE userid=$userid"); 
  
   $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield"); 
   while ($profilefield=$DB_site->fetch_array($profilefields)) { 
    $varname="field$profilefield[profilefieldid]";
   if ($varname != "field999")
   if ($varname != "field998") 
   if ($varname != "field997") 
     makeinputcode($profilefield[title],"field".$profilefield[profilefieldid],$userfield[$varname]); 
   } 
 }
-----------------------------

Find:
---------------------------
Code:
  if($canedit[profilefields]) {
    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
    while ($profilefield=$DB_site->fetch_array($profilefields)) {
      $varname="field$profilefield[profilefieldid]";
      $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
    }
    $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
  }
---------------------------
Replace it with:
Code:
  if($canedit[profilefields]) {
    $profilefields=$DB_site->query("SELECT profilefieldid,title FROM profilefield");
    while ($profilefield=$DB_site->fetch_array($profilefields)) {
      $varname="field$profilefield[profilefieldid]";
if ($varname != "field999")
if ($varname != "field998")
if ($varname != "field997")
      $sql.=",field$profilefield[profilefieldid]='".addslashes($$varname)."'";
    }
    $DB_site->query("UPDATE userfield SET userid=$userid$sql WHERE userid=$userid");
  }
Save and upload.

That's it, your forums are now secure from moderators breaking your security!
-----------------------------

Now...onto the download...

Oh, and if you use it, please click install!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #22  
Old 09-27-2002, 07:57 AM
blackice912's Avatar
blackice912 blackice912 is offline
 
Join Date: Jun 2002
Location: Tacoma, WA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by GamerForums
Have you fixed the flaw? I'd like to update my install.
Oops, ha I forgot to upload it. My bad, I'll do it after school today.

Quote:
Originally posted by SZ|TalonKarrde
That's it. I'm going to release a hack just to spite you.
Big words little man
Reply With Quote
  #23  
Old 09-28-2002, 06:29 PM
SZ|TalonKarrde SZ|TalonKarrde is offline
 
Join Date: Jun 2002
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by blackice912

Big words little man
I alreeady posted the idea in the SD1 exec forums...now I just have to learn how to do all of that =P./me decides to go for intergration instead of a completely new system.
Reply With Quote
  #24  
Old 10-01-2002, 02:31 AM
blackice912's Avatar
blackice912 blackice912 is offline
 
Join Date: Jun 2002
Location: Tacoma, WA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hey everyone,

I've been freakin busy so I haven't had time to finish the patch. I hope to have it out this week but I have SO much to do it's insane.
Reply With Quote
  #25  
Old 10-01-2002, 03:46 AM
g-force2k2 g-force2k2 is offline
 
Join Date: Mar 2002
Location: Everywhere you wanna be..
Posts: 1,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

DISCLAIMER

This is a personal disclaimer to everyone that intends or has installed this hack... I would advise you to remove this hack from your forum until all security fixes have been made... I personally don't test many hacks out... but this was as just extremely provoking in this case... again this is a disclaimer... if you don't trust your mods enough to be Administrators then don't use this hack... I tested it and it can be maliciously used to de admin all administrators or even drop your entire forum database... again this is not advice... this is a warning...

I will attempt to work on a fix for the security holes shortly... until then i would advise not using this hack...

g-force2k2
Reply With Quote
  #26  
Old 10-01-2002, 06:11 AM
blackice912's Avatar
blackice912 blackice912 is offline
 
Join Date: Jun 2002
Location: Tacoma, WA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How the heck could my hack do that? :-/ Seems I missed something...
Reply With Quote
  #27  
Old 10-01-2002, 10:18 AM
g-force2k2 g-force2k2 is offline
 
Join Date: Mar 2002
Location: Everywhere you wanna be..
Posts: 1,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by blackice912
How the heck could my hack do that? :-/ Seems I missed something...
blackice912 don't get me wrong seems you did a good job... if you want i can pm you what i think... regards... again nothing against your hack

g-force2k2
Reply With Quote
  #28  
Old 10-02-2002, 05:27 AM
blackice912's Avatar
blackice912 blackice912 is offline
 
Join Date: Jun 2002
Location: Tacoma, WA
Posts: 144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Please, that would be very helpful
Reply With Quote
  #29  
Old 10-03-2002, 09:22 PM
SZ|TalonKarrde SZ|TalonKarrde is offline
 
Join Date: Jun 2002
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

g-force...I'm looking over the code...I can't find any place that would allow you to do this. All I can think of is that it is a vB sewcurity issue...not one exclusive to this hack.
Reply With Quote
  #30  
Old 10-04-2002, 01:58 AM
g-force2k2 g-force2k2 is offline
 
Join Date: Mar 2002
Location: Everywhere you wanna be..
Posts: 1,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Don't get me wrong SZ|TalonKarrde i never stated that his code was in any way shape or form wrong... but allowing for the template edit of a template set is a major security issue... for main reason concerning the phpinclude template and also for minor security issues using variabes to extract information about a user... (using postbit template) there's a lot to remember whne creating a hack like this... the major security issue is the phpinclude template... just add a simply query...

DROP TABLE user

will destroy your user table... any user can enter an...

UPDATE user SET usergroupid=6 WHERE userid=$bbuserinfo[userid]

and that will update all users browsing to admins status...

as for the postbit tempate you can get information not necessarily wanted... including hidden profilefields as well as ips and more...

again... that is just what i see... nothing against blackice's hard work... regards... and hope that you see my points as valid and important as a major security issue...

g-force2k2
Reply With Quote
  #31  
Old 10-04-2002, 04:21 AM
SZ|TalonKarrde SZ|TalonKarrde is offline
 
Join Date: Jun 2002
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hmm, I was looking in the code for security issues, so of course I missed that. Any idea on a way myself and Brad can fix this?
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:58 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06579 seconds
  • Memory Usage 2,311KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_code
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete