Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Warning to FlashChat users - security hole
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 08-31-2006, 10:12 PM
MPDev's Avatar
MPDev MPDev is offline
 
Join Date: Oct 2003
Location: Virginia
Posts: 885
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Warning to FlashChat users - security hole
GET /chat/inc/cmses/aedatingCMS.php?<exploit data>

Warning to users who use FlashChat - this script was just used to add an exploit script to my server.
Reply With Quote
  #2  
Old 08-31-2006, 10:37 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Please don't post full exploits where everyone can see them (and then go try them ....).

Anyone with Flashchat integrated with their VB should remove all the files from /chat/inc/cmses/ except the vbulletin##CMS.php file they are using (where ## is either 30, 35 or 36) as they are not used.
Reply With Quote
  #3  
Old 09-01-2006, 11:38 PM
PamelaE PamelaE is offline
 
Join Date: Feb 2005
Posts: 158
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
If you have already been 'hacked' into via this hole. Then do you need to do anything addtionally to resolve it ?
Reply With Quote
  #4  
Old 09-02-2006, 12:28 AM
Ascor's Avatar
Ascor Ascor is offline
 
Join Date: Jul 2006
Posts: 101
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
thank you for information MPDev
Reply With Quote
  #5  
Old 09-02-2006, 02:37 AM
FLMom's Avatar
FLMom FLMom is offline
 
Join Date: Feb 2006
Location: Florida
Posts: 386
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Paul M
Please don't post full exploits where everyone can see them (and then go try them ....).

Anyone with Flashchat integrated with their VB should remove all the files from /chat/inc/cmses/ except the vbulletin##CMS.php file they are using (where ## is either 30, 35 or 36) as they are not used.

Thanks Paul for this! I removed all files but the 30, 35, and 36 because I just wasn't sure which one I needed :surprised:
Reply With Quote
  #6  
Old 09-02-2006, 02:50 AM
Ntfu2 Ntfu2 is offline
 
Join Date: Feb 2006
Posts: 1,247
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
FLMom

which version of vBulletin do you use?

I'd assume 30 is for the 3.0.x series, 35 is for 3.5.x and 36 is for vBulletin 3.6

Hope that helps, and glad i dont have this anymore
Reply With Quote
  #7  
Old 09-02-2006, 09:08 AM
jw00dy's Avatar
jw00dy jw00dy is offline
 
Join Date: Dec 2004
Location: Utah
Posts: 250
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks for the heads up. I'm a nut about space, so these already didn't exist, but it's still great to know.
Reply With Quote
  #8  
Old 09-02-2006, 09:43 AM
bashy bashy is offline
 
Join Date: Nov 2005
Posts: 2,544
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Cheers peeps...issues pre-resolved
Reply With Quote
  #9  
Old 09-02-2006, 10:06 AM
steven s's Avatar
steven s steven s is offline
 
Join Date: Aug 2004
Location: Greenville, SC
Posts: 572
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by FLMom
Thanks Paul for this! I removed all files but the 30, 35, and 36 because I just wasn't sure which one I needed :surprised:
Look in your chat directory /inc/config.php

Line 55 in my file
Code:
//your CMS system
'CMSsystem' => 'vbulletinXXCMS',// defaultCMS - default CMS, blank - stateless CMS
Reply With Quote
  #10  
Old 09-02-2006, 11:26 AM
Rebecca217 Rebecca217 is offline
 
Join Date: May 2002
Posts: 84
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks for posting the fix, Paul.

Rebecca
Reply With Quote
Reply
Page 1 of 6 1 23 Last »

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 06:34 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04630 seconds
  • Memory Usage 2,249KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete