This hack has an EXPLOIT IN IT!
A few sites, as I recall somewhere on this board, were HACKED through the donation feature!
It has been removed until the ex is fixed.
Yes, there should be an announcement in the vBplaza forum about it.
I think they (staff here) should at least provide some feedback to the members who have it installed.
We don't have any clue whether it was only the donation part in which it was exploited. We are guessing at the fix. Now I know CMX knows, but to just uninstall the mod/hack is not an option for most.
Now I have disabled it, but how long do we have to wait before they release the exploit? I mean if CMX is busy, then at least let some coders know, so they can give temp advice etc.
Below was said in another thread. Even though they do not mention how the exploits work, it does mention other exploits involved. I agree in part with them not sharing the in-depth information as then coders might even take advantage of the exploit themselves, although some people have mentioned what the main exploit is.
Quote:
Originally Posted by Paul M
Artificial_Alex reported an exploit which we investigated and confirmed - not only that but the investigations revealed other exploits in the code as well. As per our policy on such matters, the modification has been removed until such time as the holes are fixed.
Quote:
Originally Posted by Paul M
The staff are not here to fix broken/exploited modifications, occasionally one may do so if they have the time (or use the mod themselves) but that's all. Fixing is the responsibility of the author.
This is part of the email people got who clicked install for this hack.
Quote:
Official Security Exploit Warning:
The staff has been notified of a potential XSS vulnerability in the vbBux / vbPlaza modification. We have confirmed the exploit along with additional exploits in varying degrees. This notification is to serve as an official warning - it is HIGHLY recommended that you disable/uninstall the modification until a fix is provided.
I think they (staff here) should at least provide some feedback to the members who have it installed.
We don't have any clue whether it was only the donation part in which it was exploited. We are guessing at the fix. Now I know CMX knows, but to just uninstall the mod/hack is not an option for most.
Now I have disabled it, but how long do we have to wait before they release the exploit? I mean if CMX is busy, then at least let some coders know, so they can give temp advice etc.
Just my $.02.....
You sure are asking a lot for the price. Maybe you should pay with your hard-earned time to fix it for us.
I don't think the staff should fix it nor say anything, but they should at least tell the original coder of these new exploits so it can be fixed lol, just my 2 cents.
I guess staff inform the author.
As far as I can remember, ecDownloads by R0n1n also had an exploit problem. By this time R0n1n got inactive. The co-author Westpointer (don't know if he changed his nick to something) picked that up and released a new ver. with a new name.
With that ref., I think CMX got the information. Only staff can confirm whether they informed him or not.