Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > Premium Archives > vbBux / vbPlaza
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
vbBux / vbPlaza v1.5.8 has been released! Details »»
vbBux / vbPlaza v1.5.8 has been released!
Version: , by CMX_CMGSCCC CMX_CMGSCCC is offline
Developer Last Online: Sep 2014 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 07-13-2006 Last Update: Never Installs: 0
 
No support by the author.

A quick release to address a critical bug.

Get it at --> https://vborg.vbsupport.ru/showthread.php?t=106953

A NOTE: This will be one of the last releases of vbBux / vbPlaza in its V1.x format.

But do not fear, vbBux / vbPlaza V2.0 is in the pipeline and will be bigger and better than before

U ask how can it be bigger and better? Stay tuned!!!

-CMX

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #102  
Old 02-09-2007, 06:55 PM
HPIA HPIA is offline
 
Join Date: Jul 2006
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

/me lubs CMX
Reply With Quote
  #103  
Old 02-09-2007, 07:26 PM
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Posts: 4,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Aclikyano View Post
This hack has an EXPLOIT IN IT !.
a few sites as I recall somewere on this board were HACKED thru the donation feature!.
it has been removed until the ex is fixed.
Yes, there should be a announment in the vBplaza forum about it..
Reply With Quote
  #104  
Old 02-09-2007, 08:28 PM
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Shazz View Post
Could have just closed the thread.
Now many people are going to be confused where to get the store
actually, close the thread and we have no clue, but remove the file and no one else will be infected and we know whats going on.


just my 2 cents on that

i hope a fix is found soon, altho I don't use this hack, I know many ppl that do.
Reply With Quote
  #105  
Old 02-09-2007, 09:29 PM
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Posts: 4,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Loco.M View Post
actually, close the thread and we have no clue, but remove the file and no one else will be infected and we know whats going on.


just my 2 cents on that

i hope a fix is found soon, altho I don't use this hack, I know many ppl that do.
Closing thread removing file, posting one final post on the exploit would answer many questions and wouldn't confuse anyone who is looking for it..

my 2 cents
Reply With Quote
  #106  
Old 02-09-2007, 09:35 PM
fly fly is offline
 
Join Date: Oct 2003
Posts: 1,215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Closing thread, posting code to exploit hack, eating cookies, kick a dead horse..

I think that should be the order

my 2 cents
Reply With Quote
  #107  
Old 02-10-2007, 09:02 PM
Ski-Whiz's Avatar
Ski-Whiz Ski-Whiz is offline
 
Join Date: May 2003
Posts: 214
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think they (staff here), should at least provide some feedback to the members which have it installed..

We don't have any clue whether it was only the donation part in which it was exploited. We are guessing at the fix. Now I know CMX knows, but to just uninstall the mod/hack is not an option for most.

Now I have disabled it, but how long do we have to wait before they release the exploit? I mean if CMX is busy, then at least let some coders know, so they can give temp advice etc..

Just my $.02.....
Reply With Quote
  #108  
Old 02-11-2007, 04:12 AM
Universal Universal is offline
 
Join Date: Sep 2006
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Ski-Whiz View Post
I think they (staff here), should at least provide some feedback to the members which have it installed..

We don't have any clue whether it was only the donation part in which it was exploited.

Below was said in another thread. Even though they do not mention how the exploits work, it does mention other exploits involved. I agree in part with them not sharing the in-depth information as then coders might even take advantage of the exploit themselves, although some people have mentioned what the main exploit is.

Quote:
Originally Posted by Paul M View Post
Artificial_Alex reported an exploit which we investigated and confirmed - not only that but the investigations revealed other exploits in the code as well. As per our policy on such matters, the modification has been removed until such time as the holes are fixed.
Quote:
Originally Posted by Paul M View Post
The staff are not here to fix broken/exploited modifications, occasionally one may do so if they have the time (or use the mod themselves) but that's all. Fixing is the responsibility of the author.

This is part of the email people got who clicked install for this hack.

Quote:
Official Security Exploit Warning:

The staff has been notified of a potential XSS vulnerability in the vbBux / vbPlaza modification. We have confirmed the exploit along with additional exploits in varying degrees. This notification is to serve as an official warning - it is HIGHLY recommended that you disable/uninstall the modification until a fix is provided.

Hope that helps a bit.
Reply With Quote
  #109  
Old 02-11-2007, 05:24 AM
fly fly is offline
 
Join Date: Oct 2003
Posts: 1,215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Ski-Whiz View Post
I think they (staff here), should at least provide some feedback to the members which have it installed..

We don't have any clue whether it was only the donation part in which it was exploited. We are guessing at the fix. Now I know CMX knows, but to just uninstall the mod/hack is not an option for most.

Now I have disabled it, but how long do we have to wait before they release the exploit? I mean if CMX is busy, then at least let some coders know, so they can give temp advice etc..

Just my $.02.....
You sure are asking a lot for the price. Maybe you should pay with your hard earned time to fix it for us
Reply With Quote
  #110  
Old 02-11-2007, 12:21 PM
hitboy hitboy is offline
 
Join Date: Jan 2007
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I dont think the staff should fix it nor say anything but they should at least tell the orginal coder of this new exploits so it can be fixed lol just my 2 cents
Reply With Quote
  #111  
Old 02-11-2007, 04:46 PM
Zia's Avatar
Zia Zia is offline
 
Join Date: Dec 2005
Location: golpo.net
Posts: 931
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by hitboy View Post
I dont think the staff should fix it nor say anything but they should at least tell the orginal coder of this new exploits so it can be fixed
i gez staff inform the author.
So far i can remember ecDownlods by R0n1n also had exploit problem.By this time R0n1n got inactive.The co-author Westpointer(dont know he changed his nick to something) pick that up and release a new ver. with new name.

with that ref. i think CMX got information. only staff can confirm weather they inform or not.


but qus is that how long it will take to get the fix....
See here..
https://vborg.vbsupport.ru/showpost....8&postcount=37
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:50 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10522 seconds
  • Memory Usage 2,317KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (9)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete