Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > Premium Archives > vbBux / vbPlaza

Reply
 
Thread Tools
vbBux / vbPlaza v1.5.8 has been released! Details »»
vbBux / vbPlaza v1.5.8 has been released!
Version: , by CMX_CMGSCCC CMX_CMGSCCC is offline
Developer Last Online: Sep 2014 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 07-13-2006 Last Update: Never Installs: 0
 
No support by the author.

A quick release to address a critical bug.

Get it at --> https://vborg.vbsupport.ru/showthread.php?t=106953

A NOTE: This will be one of the last releases of vbBux / vbPlaza in its V1.x format.

But do not fear, vbBux / vbPlaza V2.0 is in the pipeline and will be bigger and better than before

U ask how can it be bigger and better? Stay tuned!!!

-CMX

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #42  
Old 02-05-2007, 09:16 PM
sim tech sim tech is offline
 
Join Date: Jan 2005
Location: Georgia
Posts: 140
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I just received these emails, but the links are not present (at least for my account):



Quote:
vbBux / vbPlaza v1.5.8 (Points + Store System)
https://vborg.vbsupport.ru/showthrea...hreadid=106953


Official Security Exploit Warning:

The staff has been notified of a potential XSS vulnerability in the vbBux / vbPlaza modification. We have confirmed the exploit along with additional exploits in varying degrees. This notification is to serve as an official warning - it is HIGHLY recommended that you disable/uninstall the modification until a fix is provided.
Reply With Quote
  #43  
Old 02-05-2007, 09:20 PM
Greek76's Avatar
Greek76 Greek76 is offline
 
Join Date: Aug 2006
Location: Planet Earth
Posts: 440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Same here no permission to view thread.
Reply With Quote
  #44  
Old 02-05-2007, 09:21 PM
Artificial_Alex Artificial_Alex is offline
 
Join Date: Nov 2006
Posts: 123
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes, I reported it.


I would say how its being exploited, but I don't think I can post it publicly.
Reply With Quote
  #45  
Old 02-05-2007, 09:24 PM
Deimos Deimos is offline
 
Join Date: Oct 2002
Posts: 529
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I assume the links were to the old threads with the attachments in them
So they've probably been moved to a hidden area till the scripts get fixed.
Reply With Quote
  #46  
Old 02-05-2007, 09:25 PM
Artificial_Alex Artificial_Alex is offline
 
Join Date: Nov 2006
Posts: 123
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It was being exploited to get users/staff's passwords.

My WHOLE staff got their passwords obtained by this person exploiting it.
Reply With Quote
  #47  
Old 02-05-2007, 09:25 PM
Deimos Deimos is offline
 
Join Date: Oct 2002
Posts: 529
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Really? good lord..
Reply With Quote
  #48  
Old 02-05-2007, 09:28 PM
Artificial_Alex Artificial_Alex is offline
 
Join Date: Nov 2006
Posts: 123
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yeah....x___x


Atleast Princeston[sp=?] reacted quickly to my PM.

Ididn't think he'd believe me, the way the exploit worked, but they did, and i was right.
Reply With Quote
  #49  
Old 02-05-2007, 10:26 PM
zappsan's Avatar
zappsan zappsan is offline
 
Join Date: Sep 2004
Posts: 188
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Artificial_Alex View Post
It was being exploited to get users/staff's passwords.


My WHOLE staff got their passwords obtained by this person exploiting it.
Wow, thank you very much for reporting it.
I disabled the hack for now, hope I'm safe.

I really hope CMX won't abandon this completely and fix the problem.
Reply With Quote
  #50  
Old 02-05-2007, 11:05 PM
tpearl5's Avatar
tpearl5 tpearl5 is offline
 
Join Date: Nov 2001
Location: PA
Posts: 1,014
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ugg.. really hope this exploit gets fixed soon!
Reply With Quote
  #51  
Old 02-05-2007, 11:11 PM
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Posts: 4,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Errm, maybe it could be explained how they got in?
:|
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:25 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07470 seconds
  • Memory Usage 2,296KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete